[Freeipa-users] Freeipa-users Digest, Vol 100, Issue 49
Sumit Bose
sbose at redhat.com
Wed Nov 16 14:19:12 UTC 2016
On Wed, Nov 16, 2016 at 03:06:34PM +0100, rajat gupta wrote:
> Hi sumit,
>
> you mean to say these?
>
> ]# grep pam_winbind /etc/pam.d/password-auth
> auth sufficient pam_winbind.so use_first_pass
> account [default=bad success=ok user_unknown=ignore] pam_winbind.so
> password sufficient pam_winbind.so use_authtok
> session optional pam_winbind.so
yes, in general pam_winbind is not needed on IPA clients, is there a
reason why you added it?
Btw, please try to reply to the thread, otherwise is it hard to find you
replies.
bye,
Sumit
>
>
> On Wed, Nov 16, 2016 at 2:32 PM, <freeipa-users-request at redhat.com> wrote:
>
> > Send Freeipa-users mailing list submissions to
> > freeipa-users at redhat.com
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > or, via email, send a message with subject or body 'help' to
> > freeipa-users-request at redhat.com
> >
> > You can reach the person managing the list at
> > freeipa-users-owner at redhat.com
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of Freeipa-users digest..."
> >
> >
> > Today's Topics:
> >
> > 1. minimise impact compromised host (Stijn De Weirdt)
> > 2. Re: pam_winbind(sshd:auth): pam_get_item returned a password
> > (Sumit Bose)
> > 3. Re: Freeipa-users Digest, Vol 100, Issue 48 (rajat gupta)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Wed, 16 Nov 2016 14:01:09 +0100
> > From: Stijn De Weirdt <stijn.deweirdt at ugent.be>
> > To: freeipa-users at redhat.com
> > Subject: [Freeipa-users] minimise impact compromised host
> > Message-ID: <ff5882de-4ce0-dcfb-ce37-dba2d47cac85 at ugent.be>
> > Content-Type: text/plain; charset=utf-8
> >
> > hi all,
> >
> > we are looking how to configure whatever relevant policy to minimise the
> > impact of compromised IPA hosts (ie servers with a valid host keytab).
> >
> > in particular, it looks like it possible to retrieve any user token once
> > you have access to a valid host keytab.
> >
> > we're aware that the default IPA policies are wide open, but we are
> > looking how to limit this. for us, there's no need that a hostkeytab can
> > retrieve tokens for anything except the services on that host.
> >
> >
> > stijn
> >
> >
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Wed, 16 Nov 2016 14:25:00 +0100
> > From: Sumit Bose <sbose at redhat.com>
> > To: freeipa-users at redhat.com
> > Subject: Re: [Freeipa-users] pam_winbind(sshd:auth): pam_get_item
> > returned a password
> > Message-ID:
> > <20161116132500.GO28171 at p.Speedport_W_724V_Typ_A_05011603_00_009>
> > Content-Type: text/plain; charset=us-ascii
> >
> > On Wed, Nov 16, 2016 at 01:01:59PM +0100, Sumit Bose wrote:
> > > On Wed, Nov 16, 2016 at 12:49:59PM +0100, rajat gupta wrote:
> > > > I am using FreeIPA version 4.4.0 Active Directory trust setup. And on
> > > > Active Directory side I am using UPN suffix.
> > > > Following are my domain setup.
> > > >
> > > > AD DOMANIN :- corp.addomain.com
> > > > UPN suffix :- username at mydomain.com
> > > > IPA DOMAIN :- ipa.ipadomain.local
> > > > IPA server hostname:- ilt-gif-ipa01.ipa.ipadomain.local
> > >
> > > When you call 'ipa trust-find' on the IPA server do you see the
> > > mydomain.com UPN suffix listed, like e.g.:
> > >
> > > # ipa trust-find
> > > ---------------
> > > 1 trust matched
> > > ---------------
> > > Realm-Name: ad.devel
> > > Domain NetBIOS name: AD
> > > Domain Security Identifier: S-1-5-21-3692237560-1981608775-3610128199
> > > Trust type: Active Directory domain
> > > UPN suffixes: alt.alt, alt.upn.suffix
> > >
> > > SSSD 1.14 and above on the IPA client should enable enterprise principal
> > > support automatically if UPN suffixes are found on the server but
> > according to
> > >
> > > (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
> > enterprise principal [false] offline [false] UPN [Rajat.Gupta at MYDOMAIN.COM
> > ]
> > >
> > > it is not. If the UPN suffixes are not know on the server, calling 'ipa
> > > trust-fetch-domains' might help to get them. If there are still no UPN
> > suffixes
> > > available on the server you can switch on enterprise principal on the
> > client
> > > manually by adding 'krb5_use_enterprise_principal = True' in the
> > [domain/...]
> > > section of sssd.conf. You have to set it manually as well if you are
> > using
> > > older versions of SSSD.
> > >
> > > HTH
> > >
> > > bye,
> > > Sumit
> > >
> > > >
> > > >
> > > > I am able to login with AD user on IPA server. But on IPA clinet i am
> > not
> > > > able to login i am getting the login message "Access denied". I have
> > > > enabled the debug_level on sssd.conf on ipa clinet.
> > > >
> > > > below are some logs..
> > > > ================
> > > > /var/log/secure
> > > >
> > > > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_sss(sshd:auth):
> > authentication
> > > > failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=rg1989
> > > > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_sss(sshd:auth): received
> > for
> > > > user e600336: 6 (Permission denied)
> > > > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_winbind(sshd:auth): getting
> > > > password (0x00000010)
> >
> > By the way, why do you have pam_winbind in the PAM configuration?
> >
> > bye,
> > Sumit
> >
> > > > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_winbind(sshd:auth):
> > > > pam_get_item returned a password
> > > > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_winbind(sshd:auth):
> > internal
> > > > module error (retval = PAM_AUTHINFO_UNAVAIL(9), user = 'rg1989')
> > > > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: Failed password for e600336
> > from
> > > > x.x.x.x. port 48842 ssh2
> > > > ================
> > > >
> > > > ================
> > > > krb5_child.log
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4836]]]] [k5c_send_data]
> > > > (0x4000): Response sent.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4836]]]] [main] (0x0400):
> > > > krb5_child completed successfully
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x0400):
> > > > krb5_child started.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [unpack_buffer]
> > > > (0x1000): total buffer size: [159]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [unpack_buffer]
> > > > (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
> > > > enterprise principal [false] offline [false] UPN [
> > Rajat.Gupta at MYDOMAIN.COM]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [unpack_buffer]
> > > > (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname:
> > > > [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [switch_creds]
> > > > (0x0200): Switch user to [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [switch_creds]
> > > > (0x0200): Switch user to [0][0].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [k5c_check_old_ccache] (0x4000): Ccache_file is
> > > > [KEYRING:persistent:1007656917] and is not active and TGT is valid.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [k5c_precreate_ccache] (0x4000): Recreating ccache
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_setup_fast]
> > > > (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
> > > > [host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [find_principal_in_keytab] (0x4000): Trying to find principal
> > > > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL in keytab.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [match_principal]
> > > > (0x1000): Principal matched to the sample
> > > > (host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL).
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > [check_fast_ccache]
> > > > (0x0200): FAST TGT is still valid.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [become_user]
> > > > (0x0200): Trying to become user [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_setup]
> > (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read
> > [SSSD_KRB5_RENEWABLE_LIFETIME]
> > > > from environment.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> > > > environment.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to
> > [true]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x0400):
> > Will
> > > > perform online auth
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [tgt_req_child]
> > > > (0x1000): Attempting to get a TGT
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > [get_and_save_tgt]
> > > > (0x0400): Attempting kinit for realm [MYDOMAIN.COM]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.416687: Getting
> > > > initial credentials for Rajat.Gupta at MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.418641: FAST
> > armor
> > > > ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.418698:
> > Retrieving
> > > > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL ->
> > > > krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM
> > > > \@MYDOMAIN.COM at X-CACHECONF: from
> > > > MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result:
> > > > -1765328243/Matching credential not found
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.418756: Sending
> > > > request (164 bytes) to MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419718: Retrying
> > AS
> > > > request with master KDC
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419752: Getting
> > > > initial credentials for Rajat.Gupta at MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419778: FAST
> > armor
> > > > ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419821:
> > Retrieving
> > > > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL ->
> > > > krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM
> > > > \@MYDOMAIN.COM at X-CACHECONF: from
> > > > MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result:
> > > > -1765328243/Matching credential not found
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419859: Sending
> > > > request (164 bytes) to MYDOMAIN.COM (master)
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > [get_and_save_tgt]
> > > > (0x0020): 1296: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM
> > "]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [map_krb5_error]
> > > > (0x0020): 1365: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM
> > "]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_send_data]
> > > > (0x0200): Received error code 1432158228
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [pack_response_packet] (0x2000): response packet size: [4]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_send_data]
> > > > (0x4000): Response sent.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x0400):
> > > > krb5_child completed successfully
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x0400):
> > > > krb5_child started.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [unpack_buffer]
> > > > (0x1000): total buffer size: [159]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [unpack_buffer]
> > > > (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
> > > > enterprise principal [false] offline [false] UPN [
> > Rajat.Gupta at MYDOMAIN.COM]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [unpack_buffer]
> > > > (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname:
> > > > [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [switch_creds]
> > > > (0x0200): Switch user to [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [switch_creds]
> > > > (0x0200): Switch user to [0][0].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [k5c_check_old_ccache] (0x4000): Ccache_file is
> > > > [KEYRING:persistent:1007656917] and is not active and TGT is valid.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [k5c_precreate_ccache] (0x4000): Recreating ccache
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_setup_fast]
> > > > (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
> > > > [host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [find_principal_in_keytab] (0x4000): Trying to find principal
> > > > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL in keytab.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [match_principal]
> > > > (0x1000): Principal matched to the sample
> > > > (host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL).
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > [check_fast_ccache]
> > > > (0x0200): FAST TGT is still valid.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [become_user]
> > > > (0x0200): Trying to become user [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_setup]
> > (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read
> > [SSSD_KRB5_RENEWABLE_LIFETIME]
> > > > from environment.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> > > > environment.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to
> > [true]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x0400):
> > Will
> > > > perform online auth
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [tgt_req_child]
> > > > (0x1000): Attempting to get a TGT
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > [get_and_save_tgt]
> > > > (0x0400): Attempting kinit for realm [MYDOMAIN.COM]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.426870: Getting
> > > > initial credentials for Rajat.Gupta at MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.428706: FAST
> > armor
> > > > ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.428762:
> > Retrieving
> > > > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL ->
> > > > krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM
> > > > \@MYDOMAIN.COM at X-CACHECONF: from
> > > > MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result:
> > > > -1765328243/Matching credential not found
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.428825: Sending
> > > > request (164 bytes) to MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429706: Retrying
> > AS
> > > > request with master KDC
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429740: Getting
> > > > initial credentials for Rajat.Gupta at MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429767: FAST
> > armor
> > > > ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429812:
> > Retrieving
> > > > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL ->
> > > > krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM
> > > > \@MYDOMAIN.COM at X-CACHECONF: from
> > > > MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result:
> > > > -1765328243/Matching credential not found
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429854: Sending
> > > > request (164 bytes) to MYDOMAIN.COM (master)
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > [get_and_save_tgt]
> > > > (0x0020): 1296: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM
> > "]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [map_krb5_error]
> > > > (0x0020): 1365: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM
> > "]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_send_data]
> > > > (0x0200): Received error code 1432158228
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [pack_response_packet] (0x2000): response packet size: [4]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_send_data]
> > > > (0x4000): Response sent.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x0400):
> > > > krb5_child completed successfully
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x0400):
> > > > krb5_child started.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [unpack_buffer]
> > > > (0x1000): total buffer size: [159]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [unpack_buffer]
> > > > (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
> > > > enterprise principal [false] offline [true] UPN [
> > Rajat.Gupta at MYDOMAIN.COM]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [unpack_buffer]
> > > > (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname:
> > > > [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [switch_creds]
> > > > (0x0200): Switch user to [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> > > > [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [switch_creds]
> > > > (0x0200): Switch user to [0][0].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> > > > [k5c_check_old_ccache] (0x4000): Ccache_file is
> > > > [KEYRING:persistent:1007656917] and is not active and TGT is valid.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [become_user]
> > > > (0x0200): Trying to become user [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [become_user]
> > > > (0x0200): Trying to become user [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [become_user]
> > > > (0x0200): Already user [1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [k5c_setup]
> > (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read
> > [SSSD_KRB5_RENEWABLE_LIFETIME]
> > > > from environment.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> > > > environment.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x0400):
> > Will
> > > > perform offline auth
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> > [create_empty_ccache]
> > > > (0x1000): Existing ccache still valid, reusing
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [k5c_send_data]
> > > > (0x0200): Received error code 0
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> > > > [pack_response_packet] (0x2000): response packet size: [53]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [k5c_send_data]
> > > > (0x4000): Response sent.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x0400):
> > > > krb5_child completed successfully
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x0400):
> > > > krb5_child started.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [unpack_buffer]
> > > > (0x1000): total buffer size: [52]
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [unpack_buffer]
> > > > (0x0100): cmd [249] uid [1007656917] gid [1007656917] validate [true]
> > > > enterprise principal [false] offline [true] UPN [
> > Rajat.Gupta at MYDOMAIN.COM]
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [become_user]
> > > > (0x0200): Trying to become user [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [become_user]
> > > > (0x0200): Trying to become user [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [become_user]
> > > > (0x0200): Already user [1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [k5c_setup]
> > (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read
> > [SSSD_KRB5_RENEWABLE_LIFETIME]
> > > > from environment.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> > > > environment.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x0400):
> > Will
> > > > perform pre-auth
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [tgt_req_child]
> > > > (0x1000): Attempting to get a TGT
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > [get_and_save_tgt]
> > > > (0x0400): Attempting kinit for realm [MYDOMAIN.COM]
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.766694: Getting
> > > > initial credentials for Rajat.Gupta at MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.769074: Sending
> > > > request (164 bytes) to MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.770020: Retrying
> > AS
> > > > request with master KDC
> > > >
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.770051: Getting
> > > > initial credentials for Rajat.Gupta at MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.770091: Sending
> > > > request (164 bytes) to MYDOMAIN.COM (master)
> > > >
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > [get_and_save_tgt]
> > > > (0x0400): krb5_get_init_creds_password returned [-1765328230} during
> > > > pre-auth.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [k5c_send_data]
> > > > (0x0200): Received error code 0
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > > > [pack_response_packet] (0x2000): response packet size: [4]
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [k5c_send_data]
> > > > (0x4000): Response sent.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x0400):
> > > > krb5_child completed successfully
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x0400):
> > > > krb5_child started.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [unpack_buffer]
> > > > (0x1000): total buffer size: [160]
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [unpack_buffer]
> > > > (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
> > > > enterprise principal [false] offline [true] UPN [
> > Rajat.Gupta at MYDOMAIN.COM]
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [unpack_buffer]
> > > > (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname:
> > > > [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [switch_creds]
> > > > (0x0200): Switch user to [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> > > > [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [switch_creds]
> > > > (0x0200): Switch user to [0][0].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> > > > [k5c_check_old_ccache] (0x4000): Ccache_file is
> > > > [KEYRING:persistent:1007656917] and is not active and TGT is valid.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [become_user]
> > > > (0x0200): Trying to become user [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [become_user]
> > > > (0x0200): Trying to become user [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [become_user]
> > > > (0x0200): Already user [1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [k5c_setup]
> > (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read
> > [SSSD_KRB5_RENEWABLE_LIFETIME]
> > > > from environment.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> > > > environment.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x0400):
> > Will
> > > > perform offline auth
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> > [create_empty_ccache]
> > > > (0x1000): Existing ccache still valid, reusing
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [k5c_send_data]
> > > > (0x0200): Received error code 0
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> > > > [pack_response_packet] (0x2000): response packet size: [53]
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [k5c_send_data]
> > > > (0x4000): Response sent.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x0400):
> > > > krb5_child completed successfully
> > > >
> > > > =======================
> > > > Can you please help me to fix this,
> > >
> > > > --
> > > > Manage your subscription for the Freeipa-users mailing list:
> > > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > > Go to http://freeipa.org for more info on the project
> > >
> > > --
> > > Manage your subscription for the Freeipa-users mailing list:
> > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > Go to http://freeipa.org for more info on the project
> >
> >
> >
> > ------------------------------
> >
> > Message: 3
> > Date: Wed, 16 Nov 2016 14:31:52 +0100
> > From: rajat gupta <rajat.linux at gmail.com>
> > To: freeipa-users at redhat.com
> > Subject: Re: [Freeipa-users] Freeipa-users Digest, Vol 100, Issue 48
> > Message-ID:
> > <CAA=996GRhtGZnX1Oapgtt1kz_WiNjQNwW0kk0kvMvz_j4OJ1vg@
> > mail.gmail.com>
> > Content-Type: text/plain; charset="utf-8"
> >
> > Thanks, It is working for few user but not for every one. I have cleared
> > the sssd cache as well.
> > =====================
> > /var/log/secure
> >
> > Nov 16 14:06:39 ipa-clinet1 sshd[6852]: pam_sss(sshd:auth): authentication
> > failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.213.0.134
> > user=kb1980
> > Nov 16 14:06:39 ipa-clinet1 sshd[6852]: pam_sss(sshd:auth): received for
> > user kb1980: 6 (Permission denied)
> > Nov 16 14:06:39 ipa-clinet1 sshd[6852]: pam_winbind(sshd:auth): getting
> > password (0x00000010)
> > Nov 16 14:06:39 ipa-clinet1 sshd[6852]: pam_winbind(sshd:auth):
> > pam_get_item returned a password
> > Nov 16 14:06:39 ipa-clinet1 sshd[6852]: pam_winbind(sshd:auth): internal
> > module error (retval = PAM_AUTHINFO_UNAVAIL(9), user = 'kb1980')
> > Nov 16 14:06:39 ipa-clinet1 sshd[6852]: Failed password for kb1980 from
> > 146.213.0.134 port 51114 ssh2
> > Nov 16 14:06:48 ipa-clinet1 sshd[6852]: Connection closed by 146.213.0.134
> > [preauth]
> > Nov 16 14:07:07 ipa-clinet1 sshd[3677]: pam_unix(sshd:session): session
> > closed for user kb1980
> >
> > ========================
> > krb5_child.log
> >
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [main] (0x0400):
> > krb5_child started.
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [unpack_buffer]
> > (0x1000): total buffer size: [54]
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [unpack_buffer]
> > (0x0100): cmd [249] uid [1007628631] gid [1007628631] validate [true]
> > enterprise principal [false] offline [true] UPN [karan.b at MYDOMAIN COM]
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [become_user]
> > (0x0200): Trying to become user [1007628631][1007628631].
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [main] (0x2000):
> > Running as [1007628631][1007628631].
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [become_user]
> > (0x0200): Trying to become user [1007628631][1007628631].
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [become_user]
> > (0x0200): Already user [1007628631].
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [k5c_setup] (0x2000):
> > Running as [1007628631][1007628631].
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]]
> > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
> > from environment.
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]]
> > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> > environment.
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [main] (0x0400): Will
> > perform pre-auth
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [tgt_req_child]
> > (0x1000): Attempting to get a TGT
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [get_and_save_tgt]
> > (0x0400): Attempting kinit for realm [MYDOMAIN COM]
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]]
> > [sss_child_krb5_trace_cb] (0x4000): [6879] 1479301593.872554: Getting
> > initial credentials for karan.b at MYDOMAIN COM
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]]
> > [sss_child_krb5_trace_cb] (0x4000): [6879] 1479301593.874607: Sending
> > request (167 bytes) to MYDOMAIN COM
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]]
> > [sss_child_krb5_trace_cb] (0x4000): [6879] 1479301593.898179: Retrying AS
> > request with master KDC
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]]
> > [sss_child_krb5_trace_cb] (0x4000): [6879] 1479301593.898221: Getting
> > initial credentials for karan.b at MYDOMAIN COM
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]]
> > [sss_child_krb5_trace_cb] (0x4000): [6879] 1479301593.898291: Sending
> > request (167 bytes) to MYDOMAIN COM (master)
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [get_and_save_tgt]
> > (0x0400): krb5_get_init_creds_password returned [-1765328230} during
> > pre-auth.
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [k5c_send_data]
> > (0x0200): Received error code 0
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]]
> > [pack_response_packet] (0x2000): response packet size: [4]
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [k5c_send_data]
> > (0x4000): Response sent.
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [main] (0x0400):
> > krb5_child completed successfully
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [main] (0x0400):
> > krb5_child started.
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [unpack_buffer]
> > (0x1000): total buffer size: [159]
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [unpack_buffer]
> > (0x0100): cmd [241] uid [1007628631] gid [1007628631] validate [true]
> > enterprise principal [false] offline [true] UPN [karan.b at MYDOMAIN COM]
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [unpack_buffer]
> > (0x0100): ccname: [KEYRING:persistent:1007628631] old_ccname:
> > [KEYRING:persistent:1007628631] keytab: [/etc/krb5.keytab]
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [switch_creds]
> > (0x0200): Switch user to [1007628631][1007628631].
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]]
> > [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [switch_creds]
> > (0x0200): Switch user to [0][0].
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]]
> > [k5c_check_old_ccache] (0x4000): Ccache_file is
> > [KEYRING:persistent:1007628631] and is not active and TGT is valid.
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [become_user]
> > (0x0200): Trying to become user [1007628631][1007628631].
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [main] (0x2000):
> > Running as [1007628631][1007628631].
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [become_user]
> > (0x0200): Trying to become user [1007628631][1007628631].
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [become_user]
> > (0x0200): Already user [1007628631].
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [k5c_setup] (0x2000):
> > Running as [1007628631][1007628631].
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]]
> > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
> > from environment.
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]]
> > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> > environment.
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [main] (0x0400): Will
> > perform offline auth
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [create_empty_ccache]
> > (0x1000): Existing ccache still valid, reusing
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [k5c_send_data]
> > (0x0200): Received error code 0
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]]
> > [pack_response_packet] (0x2000): response packet size: [53]
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [k5c_send_data]
> > (0x4000): Response sent.
> > (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [main] (0x0400):
> > krb5_child completed successfully
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [main] (0x0400):
> > krb5_child started.
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [unpack_buffer]
> > (0x1000): total buffer size: [54]
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [unpack_buffer]
> > (0x0100): cmd [249] uid [1007628631] gid [1007628631] validate [true]
> > enterprise principal [false] offline [true] UPN [karan.b at MYDOMAIN COM]
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [become_user]
> > (0x0200): Trying to become user [1007628631][1007628631].
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [main] (0x2000):
> > Running as [1007628631][1007628631].
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [become_user]
> > (0x0200): Trying to become user [1007628631][1007628631].
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [become_user]
> > (0x0200): Already user [1007628631].
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [k5c_setup] (0x2000):
> > Running as [1007628631][1007628631].
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]]
> > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
> > from environment.
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]]
> > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> > environment.
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [main] (0x0400): Will
> > perform pre-auth
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [tgt_req_child]
> > (0x1000): Attempting to get a TGT
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [get_and_save_tgt]
> > (0x0400): Attempting kinit for realm [MYDOMAIN COM]
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]]
> > [sss_child_krb5_trace_cb] (0x4000): [6881] 1479301599.494908: Getting
> > initial credentials for karan.b at MYDOMAIN COM
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]]
> > [sss_child_krb5_trace_cb] (0x4000): [6881] 1479301599.496903: Sending
> > request (167 bytes) to MYDOMAIN COM
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]]
> > [sss_child_krb5_trace_cb] (0x4000): [6881] 1479301599.497962: Retrying AS
> > request with master KDC
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]]
> > [sss_child_krb5_trace_cb] (0x4000): [6881] 1479301599.497985: Getting
> > initial credentials for karan.b at MYDOMAIN COM
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]]
> > [sss_child_krb5_trace_cb] (0x4000): [6881] 1479301599.498026: Sending
> > request (167 bytes) to MYDOMAIN COM (master)
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [get_and_save_tgt]
> > (0x0400): krb5_get_init_creds_password returned [-1765328230} during
> > pre-auth.
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [k5c_send_data]
> > (0x0200): Received error code 0
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]]
> > [pack_response_packet] (0x2000): response packet size: [4]
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [k5c_send_data]
> > (0x4000): Response sent.
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [main] (0x0400):
> > krb5_child completed successfully
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [main] (0x0400):
> > krb5_child started.
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [unpack_buffer]
> > (0x1000): total buffer size: [159]
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [unpack_buffer]
> > (0x0100): cmd [241] uid [1007628631] gid [1007628631] validate [true]
> > enterprise principal [false] offline [true] UPN [karan.b at MYDOMAIN COM]
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [unpack_buffer]
> > (0x0100): ccname: [KEYRING:persistent:1007628631] old_ccname:
> > [KEYRING:persistent:1007628631] keytab: [/etc/krb5.keytab]
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [switch_creds]
> > (0x0200): Switch user to [1007628631][1007628631].
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]]
> > [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [switch_creds]
> > (0x0200): Switch user to [0][0].
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]]
> > [k5c_check_old_ccache] (0x4000): Ccache_file is
> > [KEYRING:persistent:1007628631] and is not active and TGT is valid.
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [become_user]
> > (0x0200): Trying to become user [1007628631][1007628631].
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [main] (0x2000):
> > Running as [1007628631][1007628631].
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [become_user]
> > (0x0200): Trying to become user [1007628631][1007628631].
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [become_user]
> > (0x0200): Already user [1007628631].
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [k5c_setup] (0x2000):
> > Running as [1007628631][1007628631].
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]]
> > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
> > from environment.
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]]
> > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> > environment.
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [main] (0x0400): Will
> > perform offline auth
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [create_empty_ccache]
> > (0x1000): Existing ccache still valid, reusing
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [k5c_send_data]
> > (0x0200): Received error code 0
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]]
> > [pack_response_packet] (0x2000): response packet size: [53]
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [k5c_send_data]
> > (0x4000): Response sent.
> > (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [main] (0x0400):
> > krb5_child completed successfully
> >
> > On Wed, Nov 16, 2016 at 1:02 PM, <freeipa-users-request at redhat.com> wrote:
> >
> > > Send Freeipa-users mailing list submissions to
> > > freeipa-users at redhat.com
> > >
> > > To subscribe or unsubscribe via the World Wide Web, visit
> > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > or, via email, send a message with subject or body 'help' to
> > > freeipa-users-request at redhat.com
> > >
> > > You can reach the person managing the list at
> > > freeipa-users-owner at redhat.com
> > >
> > > When replying, please edit your Subject line so it is more specific
> > > than "Re: Contents of Freeipa-users digest..."
> > >
> > >
> > > Today's Topics:
> > >
> > > 1. Client x.x.xx - RFC 1918 response from Internet in
> > > /var/log/messages (Bjarne Blichfeldt)
> > > 2. Re: pam_winbind(sshd:auth): pam_get_item returned a password
> > > (Sumit Bose)
> > >
> > >
> > > ----------------------------------------------------------------------
> > >
> > > Message: 1
> > > Date: Wed, 16 Nov 2016 11:56:05 +0000
> > > From: Bjarne Blichfeldt <BJB at jndata.dk>
> > > To: "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> > > Subject: [Freeipa-users] Client x.x.xx - RFC 1918 response from
> > > Internet in /var/log/messages
> > > Message-ID:
> > > <89213DDB84447F44A8E8950A5C2185E0482EB1EE at SJN01013.jnmain00.
> > > corp.jndata.net>
> > >
> > > Content-Type: text/plain; charset="us-ascii"
> > >
> > > Just updated a couple of free-ipa servers to:
> > > ipa-server-dns-4.4.0-12.el7.noarch
> > > redhat-release-server-7.3-7.el7.x86_64
> > >
> > > Before the update, I resolved the issue with RFC messages by:
> > > /etc/named.conf:
> > > options {
> > > disable-empty-zone "10.in-addr.arpa.";
> > > :
> > >
> > > Now after the update the RFS messages has returned. I read in the
> > > changelog for 4.4 that this issue was resolved.
> > > What did I miss?
> > >
> > >
> > >
> > >
> > >
> > >
> > > Venlig hilsen
> > >
> > >
> > > Bjarne Blichfeldt
> > >
> > >
> > > Infrastructure Services
> > >
> > >
> > >
> > > Direkte +4563636119
> > >
> > >
> > > Mobile +4521593270
> > >
> > >
> > > BJB at jndata.dk
> > >
> > > [cid:image005.png at 01D24008.CA6EF0F0]
> > >
> > > JN Data A/S
> > >
> > > *
> > >
> > > Havsteensvej 4
> > >
> > > *
> > >
> > > 4000 Roskilde
> > >
> > >
> > > Telefon 63 63 63 63/ Fax 63 63 63 64
> > >
> > >
> > > www.jndata.dk
> > >
> > >
> > > [cid:image006.png at 01D24008.CA6EF0F0]
> > > -------------- next part --------------
> > > An HTML attachment was scrubbed...
> > > URL: <https://www.redhat.com/archives/freeipa-users/
> > > attachments/20161116/46aeee39/attachment.html>
> > > -------------- next part --------------
> > > A non-text attachment was scrubbed...
> > > Name: image005.png
> > > Type: image/png
> > > Size: 410 bytes
> > > Desc: image005.png
> > > URL: <https://www.redhat.com/archives/freeipa-users/
> > > attachments/20161116/46aeee39/attachment.png>
> > > -------------- next part --------------
> > > A non-text attachment was scrubbed...
> > > Name: image006.png
> > > Type: image/png
> > > Size: 5487 bytes
> > > Desc: image006.png
> > > URL: <https://www.redhat.com/archives/freeipa-users/
> > > attachments/20161116/46aeee39/attachment-0001.png>
> > >
> > > ------------------------------
> > >
> > > Message: 2
> > > Date: Wed, 16 Nov 2016 13:01:59 +0100
> > > From: Sumit Bose <sbose at redhat.com>
> > > To: freeipa-users at redhat.com
> > > Subject: Re: [Freeipa-users] pam_winbind(sshd:auth): pam_get_item
> > > returned a password
> > > Message-ID:
> > > <20161116120159.GL28171 at p.Speedport_W_724V_Typ_A_
> > 05011603_00_009>
> > > Content-Type: text/plain; charset=us-ascii
> > >
> > > On Wed, Nov 16, 2016 at 12:49:59PM +0100, rajat gupta wrote:
> > > > I am using FreeIPA version 4.4.0 Active Directory trust setup. And on
> > > > Active Directory side I am using UPN suffix.
> > > > Following are my domain setup.
> > > >
> > > > AD DOMANIN :- corp.addomain.com
> > > > UPN suffix :- username at mydomain.com
> > > > IPA DOMAIN :- ipa.ipadomain.local
> > > > IPA server hostname:- ilt-gif-ipa01.ipa.ipadomain.local
> > >
> > > When you call 'ipa trust-find' on the IPA server do you see the
> > > mydomain.com UPN suffix listed, like e.g.:
> > >
> > > # ipa trust-find
> > > ---------------
> > > 1 trust matched
> > > ---------------
> > > Realm-Name: ad.devel
> > > Domain NetBIOS name: AD
> > > Domain Security Identifier: S-1-5-21-3692237560-1981608775-3610128199
> > > Trust type: Active Directory domain
> > > UPN suffixes: alt.alt, alt.upn.suffix
> > >
> > > SSSD 1.14 and above on the IPA client should enable enterprise principal
> > > support automatically if UPN suffixes are found on the server but
> > > according to
> > >
> > > (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
> > > enterprise principal [false] offline [false] UPN [
> > Rajat.Gupta at MYDOMAIN.COM
> > > ]
> > >
> > > it is not. If the UPN suffixes are not know on the server, calling 'ipa
> > > trust-fetch-domains' might help to get them. If there are still no UPN
> > > suffixes
> > > available on the server you can switch on enterprise principal on the
> > > client
> > > manually by adding 'krb5_use_enterprise_principal = True' in the
> > > [domain/...]
> > > section of sssd.conf. You have to set it manually as well if you are
> > using
> > > older versions of SSSD.
> > >
> > > HTH
> > >
> > > bye,
> > > Sumit
> > >
> > > >
> > > >
> > > > I am able to login with AD user on IPA server. But on IPA clinet i am
> > not
> > > > able to login i am getting the login message "Access denied". I have
> > > > enabled the debug_level on sssd.conf on ipa clinet.
> > > >
> > > > below are some logs..
> > > > ================
> > > > /var/log/secure
> > > >
> > > > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_sss(sshd:auth):
> > > authentication
> > > > failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=rg1989
> > > > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_sss(sshd:auth): received
> > for
> > > > user e600336: 6 (Permission denied)
> > > > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_winbind(sshd:auth): getting
> > > > password (0x00000010)
> > > > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_winbind(sshd:auth):
> > > > pam_get_item returned a password
> > > > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_winbind(sshd:auth):
> > internal
> > > > module error (retval = PAM_AUTHINFO_UNAVAIL(9), user = 'rg1989')
> > > > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: Failed password for e600336
> > from
> > > > x.x.x.x. port 48842 ssh2
> > > > ================
> > > >
> > > > ================
> > > > krb5_child.log
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4836]]]] [k5c_send_data]
> > > > (0x4000): Response sent.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4836]]]] [main] (0x0400):
> > > > krb5_child completed successfully
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x0400):
> > > > krb5_child started.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [unpack_buffer]
> > > > (0x1000): total buffer size: [159]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [unpack_buffer]
> > > > (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
> > > > enterprise principal [false] offline [false] UPN [
> > > Rajat.Gupta at MYDOMAIN.COM]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [unpack_buffer]
> > > > (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname:
> > > > [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [switch_creds]
> > > > (0x0200): Switch user to [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [switch_creds]
> > > > (0x0200): Switch user to [0][0].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [k5c_check_old_ccache] (0x4000): Ccache_file is
> > > > [KEYRING:persistent:1007656917] and is not active and TGT is valid.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [k5c_precreate_ccache] (0x4000): Recreating ccache
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_setup_fast]
> > > > (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
> > > > [host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [find_principal_in_keytab] (0x4000): Trying to find principal
> > > > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL in keytab.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [match_principal]
> > > > (0x1000): Principal matched to the sample
> > > > (host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL).
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > [check_fast_ccache]
> > > > (0x0200): FAST TGT is still valid.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [become_user]
> > > > (0x0200): Trying to become user [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_setup]
> > > (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read
> > > [SSSD_KRB5_RENEWABLE_LIFETIME]
> > > > from environment.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> > > > environment.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to
> > > [true]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x0400):
> > > Will
> > > > perform online auth
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [tgt_req_child]
> > > > (0x1000): Attempting to get a TGT
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > [get_and_save_tgt]
> > > > (0x0400): Attempting kinit for realm [MYDOMAIN.COM]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.416687: Getting
> > > > initial credentials for Rajat.Gupta at MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.418641: FAST
> > armor
> > > > ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.418698:
> > Retrieving
> > > > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL ->
> > > > krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM
> > > > \@MYDOMAIN.COM at X-CACHECONF: from
> > > > MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result:
> > > > -1765328243/Matching credential not found
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.418756: Sending
> > > > request (164 bytes) to MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419718: Retrying
> > AS
> > > > request with master KDC
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419752: Getting
> > > > initial credentials for Rajat.Gupta at MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419778: FAST
> > armor
> > > > ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419821:
> > Retrieving
> > > > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL ->
> > > > krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM
> > > > \@MYDOMAIN.COM at X-CACHECONF: from
> > > > MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result:
> > > > -1765328243/Matching credential not found
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419859: Sending
> > > > request (164 bytes) to MYDOMAIN.COM (master)
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > [get_and_save_tgt]
> > > > (0x0020): 1296: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM
> > "]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [map_krb5_error]
> > > > (0x0020): 1365: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM
> > "]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_send_data]
> > > > (0x0200): Received error code 1432158228
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> > > > [pack_response_packet] (0x2000): response packet size: [4]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_send_data]
> > > > (0x4000): Response sent.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x0400):
> > > > krb5_child completed successfully
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x0400):
> > > > krb5_child started.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [unpack_buffer]
> > > > (0x1000): total buffer size: [159]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [unpack_buffer]
> > > > (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
> > > > enterprise principal [false] offline [false] UPN [
> > > Rajat.Gupta at MYDOMAIN.COM]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [unpack_buffer]
> > > > (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname:
> > > > [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [switch_creds]
> > > > (0x0200): Switch user to [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [switch_creds]
> > > > (0x0200): Switch user to [0][0].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [k5c_check_old_ccache] (0x4000): Ccache_file is
> > > > [KEYRING:persistent:1007656917] and is not active and TGT is valid.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [k5c_precreate_ccache] (0x4000): Recreating ccache
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_setup_fast]
> > > > (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
> > > > [host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [find_principal_in_keytab] (0x4000): Trying to find principal
> > > > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL in keytab.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [match_principal]
> > > > (0x1000): Principal matched to the sample
> > > > (host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL).
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > [check_fast_ccache]
> > > > (0x0200): FAST TGT is still valid.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [become_user]
> > > > (0x0200): Trying to become user [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_setup]
> > > (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read
> > > [SSSD_KRB5_RENEWABLE_LIFETIME]
> > > > from environment.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> > > > environment.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to
> > > [true]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x0400):
> > > Will
> > > > perform online auth
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [tgt_req_child]
> > > > (0x1000): Attempting to get a TGT
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > [get_and_save_tgt]
> > > > (0x0400): Attempting kinit for realm [MYDOMAIN.COM]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.426870: Getting
> > > > initial credentials for Rajat.Gupta at MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.428706: FAST
> > armor
> > > > ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.428762:
> > Retrieving
> > > > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL ->
> > > > krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM
> > > > \@MYDOMAIN.COM at X-CACHECONF: from
> > > > MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result:
> > > > -1765328243/Matching credential not found
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.428825: Sending
> > > > request (164 bytes) to MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429706: Retrying
> > AS
> > > > request with master KDC
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429740: Getting
> > > > initial credentials for Rajat.Gupta at MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429767: FAST
> > armor
> > > > ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429812:
> > Retrieving
> > > > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL ->
> > > > krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM
> > > > \@MYDOMAIN.COM at X-CACHECONF: from
> > > > MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result:
> > > > -1765328243/Matching credential not found
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429854: Sending
> > > > request (164 bytes) to MYDOMAIN.COM (master)
> > > >
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > [get_and_save_tgt]
> > > > (0x0020): 1296: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM
> > "]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [map_krb5_error]
> > > > (0x0020): 1365: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM
> > "]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_send_data]
> > > > (0x0200): Received error code 1432158228
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> > > > [pack_response_packet] (0x2000): response packet size: [4]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_send_data]
> > > > (0x4000): Response sent.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x0400):
> > > > krb5_child completed successfully
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x0400):
> > > > krb5_child started.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [unpack_buffer]
> > > > (0x1000): total buffer size: [159]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [unpack_buffer]
> > > > (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
> > > > enterprise principal [false] offline [true] UPN [
> > > Rajat.Gupta at MYDOMAIN.COM]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [unpack_buffer]
> > > > (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname:
> > > > [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [switch_creds]
> > > > (0x0200): Switch user to [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> > > > [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [switch_creds]
> > > > (0x0200): Switch user to [0][0].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> > > > [k5c_check_old_ccache] (0x4000): Ccache_file is
> > > > [KEYRING:persistent:1007656917] and is not active and TGT is valid.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [become_user]
> > > > (0x0200): Trying to become user [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [become_user]
> > > > (0x0200): Trying to become user [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [become_user]
> > > > (0x0200): Already user [1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [k5c_setup]
> > > (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read
> > > [SSSD_KRB5_RENEWABLE_LIFETIME]
> > > > from environment.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> > > > environment.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x0400):
> > > Will
> > > > perform offline auth
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> > > [create_empty_ccache]
> > > > (0x1000): Existing ccache still valid, reusing
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [k5c_send_data]
> > > > (0x0200): Received error code 0
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> > > > [pack_response_packet] (0x2000): response packet size: [53]
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [k5c_send_data]
> > > > (0x4000): Response sent.
> > > > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x0400):
> > > > krb5_child completed successfully
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x0400):
> > > > krb5_child started.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [unpack_buffer]
> > > > (0x1000): total buffer size: [52]
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [unpack_buffer]
> > > > (0x0100): cmd [249] uid [1007656917] gid [1007656917] validate [true]
> > > > enterprise principal [false] offline [true] UPN [
> > > Rajat.Gupta at MYDOMAIN.COM]
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [become_user]
> > > > (0x0200): Trying to become user [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [become_user]
> > > > (0x0200): Trying to become user [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [become_user]
> > > > (0x0200): Already user [1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [k5c_setup]
> > > (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read
> > > [SSSD_KRB5_RENEWABLE_LIFETIME]
> > > > from environment.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> > > > environment.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x0400):
> > > Will
> > > > perform pre-auth
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [tgt_req_child]
> > > > (0x1000): Attempting to get a TGT
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > [get_and_save_tgt]
> > > > (0x0400): Attempting kinit for realm [MYDOMAIN.COM]
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.766694: Getting
> > > > initial credentials for Rajat.Gupta at MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.769074: Sending
> > > > request (164 bytes) to MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.770020: Retrying
> > AS
> > > > request with master KDC
> > > >
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.770051: Getting
> > > > initial credentials for Rajat.Gupta at MYDOMAIN.COM
> > > >
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > > > [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.770091: Sending
> > > > request (164 bytes) to MYDOMAIN.COM (master)
> > > >
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > [get_and_save_tgt]
> > > > (0x0400): krb5_get_init_creds_password returned [-1765328230} during
> > > > pre-auth.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [k5c_send_data]
> > > > (0x0200): Received error code 0
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> > > > [pack_response_packet] (0x2000): response packet size: [4]
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [k5c_send_data]
> > > > (0x4000): Response sent.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x0400):
> > > > krb5_child completed successfully
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x0400):
> > > > krb5_child started.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [unpack_buffer]
> > > > (0x1000): total buffer size: [160]
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [unpack_buffer]
> > > > (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
> > > > enterprise principal [false] offline [true] UPN [
> > > Rajat.Gupta at MYDOMAIN.COM]
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [unpack_buffer]
> > > > (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname:
> > > > [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [switch_creds]
> > > > (0x0200): Switch user to [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> > > > [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [switch_creds]
> > > > (0x0200): Switch user to [0][0].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> > > > [k5c_check_old_ccache] (0x4000): Ccache_file is
> > > > [KEYRING:persistent:1007656917] and is not active and TGT is valid.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [become_user]
> > > > (0x0200): Trying to become user [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [become_user]
> > > > (0x0200): Trying to become user [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [become_user]
> > > > (0x0200): Already user [1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [k5c_setup]
> > > (0x2000):
> > > > Running as [1007656917][1007656917].
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read
> > > [SSSD_KRB5_RENEWABLE_LIFETIME]
> > > > from environment.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> > > > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> > > > environment.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x0400):
> > > Will
> > > > perform offline auth
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> > > [create_empty_ccache]
> > > > (0x1000): Existing ccache still valid, reusing
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [k5c_send_data]
> > > > (0x0200): Received error code 0
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> > > > [pack_response_packet] (0x2000): response packet size: [53]
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [k5c_send_data]
> > > > (0x4000): Response sent.
> > > > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x0400):
> > > > krb5_child completed successfully
> > > >
> > > > =======================
> > > > Can you please help me to fix this,
> > >
> > > > --
> > > > Manage your subscription for the Freeipa-users mailing list:
> > > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > > Go to http://freeipa.org for more info on the project
> > >
> > >
> > >
> > > ------------------------------
> > >
> > > _______________________________________________
> > > Freeipa-users mailing list
> > > Freeipa-users at redhat.com
> > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > >
> > > End of Freeipa-users Digest, Vol 100, Issue 48
> > > **********************************************
> > >
> >
> >
> >
> > --
> >
> > *Rajat Gupta *
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: <https://www.redhat.com/archives/freeipa-users/
> > attachments/20161116/ae006992/attachment.html>
> >
> > ------------------------------
> >
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> >
> > End of Freeipa-users Digest, Vol 100, Issue 49
> > **********************************************
> >
>
>
>
> --
>
> *Rajat Gupta *
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list