[Freeipa-users] Freeipa-users Digest, Vol 100, Issue 48
rajat gupta
rajat.linux at gmail.com
Fri Nov 18 11:09:41 UTC 2016
Hi,
I removed the pam_winbind module. User are able to login now. But some time
they are not. Below are logs when user are not able to login. Also SSH
login is very slow for AD user. I am using sssd 1.4
=============================
rpm -qa | grep sssd
sssd-krb5-common-1.14.0-43.el7.x86_64
python-sssdconfig-1.14.0-43.el7.noarch
sssd-ldap-1.14.0-43.el7.x86_64
sssd-client-1.14.0-43.el7.x86_64
sssd-ipa-1.14.0-43.el7.x86_64
sssd-proxy-1.14.0-43.el7.x86_64
sssd-common-1.14.0-43.el7.x86_64
sssd-ad-1.14.0-43.el7.x86_64
sssd-1.14.0-43.el7.x86_64
sssd-krb5-1.14.0-43.el7.x86_64
sssd-common-pac-1.14.0-43.el7.x86_64
===========================
=====================================
My sssd.conf on ipa clinet
cat /etc/sssd/sssd.conf
[domain/ipa.preprod.local]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.ipadomain.local
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = ilt-gif-ipa02.ipa.ipadomain.local
chpass_provider = ipa
ipa_server = _srv_, ilt-gif-ipa01.ipa.ipadomain.local
ldap_tls_cacert = /etc/ipa/ca.crt
debug_level = 10
krb5_use_enterprise_principal = True
[sssd]
default_domain_suffix = corp.addomain.com
services = nss, sudo, pam, ssh
domains = ipa.ipadomain.local
debug_level = 10
[nss]
override_homedir = /home/%u
debug_level = 10
[pam]
debug_level = 10
[sudo]
[autofs]
[ssh]
debug_level = 10
[pac]
[ifp]
==============================================
/var/log/sssd/krb5_child.log
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]] [main] (0x0400):
krb5_child started.
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]] [unpack_buffer]
(0x1000): total buffer size: [63]
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]] [unpack_buffer]
(0x0100): cmd [249] uid [1007629326] gid [1007629326] validate [true]
enterprise principal [false] offline [true] UPN [Subaranchan.T at MYDOMAON.COM]
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]] [become_user]
(0x0200): Trying to become user [1007629326][1007629326].
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]] [main] (0x2000):
Running as [1007629326][1007629326].
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]] [become_user]
(0x0200): Trying to become user [1007629326][1007629326].
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]] [become_user]
(0x0200): Already user [1007629326].
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]] [k5c_setup]
(0x2000): Running as [1007629326][1007629326].
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
from environment.
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]] [main] (0x0400):
Will perform pre-auth
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]] [tgt_req_child]
(0x1000): Attempting to get a TGT
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]] [get_and_save_tgt]
(0x0400): Attempting kinit for realm [MYDOMAON.COM]
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]]
[sss_child_krb5_trace_cb] (0x4000): [16083] 1479465985.794345: Getting
initial credentials for Subaranchan.T at MYDOMAON.COM
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]]
[sss_child_krb5_trace_cb] (0x4000): [16083] 1479465985.796449: Sending
request (176 bytes) to MYDOMAON.COM
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]]
[sss_child_krb5_trace_cb] (0x4000): [16083] 1479465985.797433: Retrying AS
request with master KDC
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]]
[sss_child_krb5_trace_cb] (0x4000): [16083] 1479465985.797466: Getting
initial credentials for Subaranchan.T at MYDOMAON.COM
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]]
[sss_child_krb5_trace_cb] (0x4000): [16083] 1479465985.797508: Sending
request (176 bytes) to MYDOMAON.COM (master)
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]] [get_and_save_tgt]
(0x0400): krb5_get_init_creds_password returned [-1765328230} during
pre-auth.
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]] [k5c_send_data]
(0x0200): Received error code 0
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]]
[pack_response_packet] (0x2000): response packet size: [4]
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]] [k5c_send_data]
(0x4000): Response sent.
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16083]]]] [main] (0x0400):
krb5_child completed successfully
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]] [main] (0x0400):
krb5_child started.
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]] [unpack_buffer]
(0x1000): total buffer size: [168]
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]] [unpack_buffer]
(0x0100): cmd [241] uid [1007629326] gid [1007629326] validate [true]
enterprise principal [false] offline [true] UPN [Subaranchan.T at MYDOMAON.COM]
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]] [unpack_buffer]
(0x0100): ccname: [KEYRING:persistent:1007629326] old_ccname:
[KEYRING:persistent:1007629326] keytab: [/etc/krb5.keytab]
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]] [switch_creds]
(0x0200): Switch user to [1007629326][1007629326].
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]]
[sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]] [switch_creds]
(0x0200): Switch user to [0][0].
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]]
[k5c_check_old_ccache] (0x4000): Ccache_file is
[KEYRING:persistent:1007629326] and is active and TGT is valid.
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]] [become_user]
(0x0200): Trying to become user [1007629326][1007629326].
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]] [main] (0x2000):
Running as [1007629326][1007629326].
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]] [become_user]
(0x0200): Trying to become user [1007629326][1007629326].
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]] [become_user]
(0x0200): Already user [1007629326].
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]] [k5c_setup]
(0x2000): Running as [1007629326][1007629326].
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
from environment.
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]] [main] (0x0400):
Will perform offline auth
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]]
[create_empty_ccache] (0x1000): Existing ccache still valid, reusing
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]] [k5c_send_data]
(0x0200): Received error code 0
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]]
[pack_response_packet] (0x2000): response packet size: [53]
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]] [k5c_send_data]
(0x4000): Response sent.
(Fri Nov 18 11:46:25 2016) [[sssd[krb5_child[16084]]]] [main] (0x0400):
krb5_child completed successfully
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]] [main] (0x0400):
krb5_child started.
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]] [unpack_buffer]
(0x1000): total buffer size: [63]
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]] [unpack_buffer]
(0x0100): cmd [249] uid [1007629326] gid [1007629326] validate [true]
enterprise principal [false] offline [true] UPN [Subaranchan.T at MYDOMAON.COM]
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]] [become_user]
(0x0200): Trying to become user [1007629326][1007629326].
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]] [main] (0x2000):
Running as [1007629326][1007629326].
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]] [become_user]
(0x0200): Trying to become user [1007629326][1007629326].
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]] [become_user]
(0x0200): Already user [1007629326].
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]] [k5c_setup]
(0x2000): Running as [1007629326][1007629326].
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
from environment.
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]] [main] (0x0400):
Will perform pre-auth
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]] [tgt_req_child]
(0x1000): Attempting to get a TGT
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]] [get_and_save_tgt]
(0x0400): Attempting kinit for realm [MYDOMAON.COM]
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]]
[sss_child_krb5_trace_cb] (0x4000): [16085] 1479465990.426010: Getting
initial credentials for Subaranchan.T at MYDOMAON.COM
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]]
[sss_child_krb5_trace_cb] (0x4000): [16085] 1479465990.428093: Sending
request (176 bytes) to MYDOMAON.COM
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]]
[sss_child_krb5_trace_cb] (0x4000): [16085] 1479465990.429220: Retrying AS
request with master KDC
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]]
[sss_child_krb5_trace_cb] (0x4000): [16085] 1479465990.429257: Getting
initial credentials for Subaranchan.T at MYDOMAON.COM
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]]
[sss_child_krb5_trace_cb] (0x4000): [16085] 1479465990.429319: Sending
request (176 bytes) to MYDOMAON.COM (master)
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]] [get_and_save_tgt]
(0x0400): krb5_get_init_creds_password returned [-1765328230} during
pre-auth.
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]] [k5c_send_data]
(0x0200): Received error code 0
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]]
[pack_response_packet] (0x2000): response packet size: [4]
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]] [k5c_send_data]
(0x4000): Response sent.
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16085]]]] [main] (0x0400):
krb5_child completed successfully
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]] [main] (0x0400):
krb5_child started.
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]] [unpack_buffer]
(0x1000): total buffer size: [168]
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]] [unpack_buffer]
(0x0100): cmd [241] uid [1007629326] gid [1007629326] validate [true]
enterprise principal [false] offline [true] UPN [Subaranchan.T at MYDOMAON.COM]
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]] [unpack_buffer]
(0x0100): ccname: [KEYRING:persistent:1007629326] old_ccname:
[KEYRING:persistent:1007629326] keytab: [/etc/krb5.keytab]
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]] [switch_creds]
(0x0200): Switch user to [1007629326][1007629326].
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]]
[sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]] [switch_creds]
(0x0200): Switch user to [0][0].
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]]
[k5c_check_old_ccache] (0x4000): Ccache_file is
[KEYRING:persistent:1007629326] and is active and TGT is valid.
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]] [become_user]
(0x0200): Trying to become user [1007629326][1007629326].
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]] [main] (0x2000):
Running as [1007629326][1007629326].
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]] [become_user]
(0x0200): Trying to become user [1007629326][1007629326].
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]] [become_user]
(0x0200): Already user [1007629326].
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]] [k5c_setup]
(0x2000): Running as [1007629326][1007629326].
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
from environment.
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]] [main] (0x0400):
Will perform offline auth
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]]
[create_empty_ccache] (0x1000): Existing ccache still valid, reusing
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]] [k5c_send_data]
(0x0200): Received error code 0
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]]
[pack_response_packet] (0x2000): response packet size: [53]
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]] [k5c_send_data]
(0x4000): Response sent.
(Fri Nov 18 11:46:30 2016) [[sssd[krb5_child[16086]]]] [main] (0x0400):
krb5_child completed successfully
/var/log/secure
Nov 18 11:46:30 ilt-gif-ipa02 sshd[16060]: pam_sss(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x
user=st1985
Nov 18 11:46:30 ilt-gif-ipa02 sshd[16060]: pam_sss(sshd:auth): received for
user st1985: 6 (Permission denied)
Nov 18 11:46:30 ilt-gif-ipa02 sshd[16060]: Failed password for et33015 from
x.x.x.x port 58568 ssh2
On Wed, Nov 16, 2016 at 2:31 PM, rajat gupta <rajat.linux at gmail.com> wrote:
> Thanks, It is working for few user but not for every one. I have cleared
> the sssd cache as well.
> =====================
> /var/log/secure
>
> Nov 16 14:06:39 ipa-clinet1 sshd[6852]: pam_sss(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.213.0.134
> user=kb1980
> Nov 16 14:06:39 ipa-clinet1 sshd[6852]: pam_sss(sshd:auth): received for
> user kb1980: 6 (Permission denied)
> Nov 16 14:06:39 ipa-clinet1 sshd[6852]: pam_winbind(sshd:auth): getting
> password (0x00000010)
> Nov 16 14:06:39 ipa-clinet1 sshd[6852]: pam_winbind(sshd:auth):
> pam_get_item returned a password
> Nov 16 14:06:39 ipa-clinet1 sshd[6852]: pam_winbind(sshd:auth): internal
> module error (retval = PAM_AUTHINFO_UNAVAIL(9), user = 'kb1980')
> Nov 16 14:06:39 ipa-clinet1 sshd[6852]: Failed password for kb1980 from
> 146.213.0.134 port 51114 ssh2
> Nov 16 14:06:48 ipa-clinet1 sshd[6852]: Connection closed by 146.213.0.134
> [preauth]
> Nov 16 14:07:07 ipa-clinet1 sshd[3677]: pam_unix(sshd:session): session
> closed for user kb1980
>
> ========================
> krb5_child.log
>
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [main] (0x0400):
> krb5_child started.
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [unpack_buffer]
> (0x1000): total buffer size: [54]
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [unpack_buffer]
> (0x0100): cmd [249] uid [1007628631] gid [1007628631] validate [true]
> enterprise principal [false] offline [true] UPN [karan.b at MYDOMAIN COM]
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [become_user]
> (0x0200): Trying to become user [1007628631][1007628631].
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [main] (0x2000):
> Running as [1007628631][1007628631].
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [become_user]
> (0x0200): Trying to become user [1007628631][1007628631].
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [become_user]
> (0x0200): Already user [1007628631].
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [k5c_setup]
> (0x2000): Running as [1007628631][1007628631].
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
> from environment.
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> environment.
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [main] (0x0400):
> Will perform pre-auth
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [tgt_req_child]
> (0x1000): Attempting to get a TGT
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [get_and_save_tgt]
> (0x0400): Attempting kinit for realm [MYDOMAIN COM]
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]]
> [sss_child_krb5_trace_cb] (0x4000): [6879] 1479301593.872554: Getting
> initial credentials for karan.b at MYDOMAIN COM
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]]
> [sss_child_krb5_trace_cb] (0x4000): [6879] 1479301593.874607: Sending
> request (167 bytes) to MYDOMAIN COM
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]]
> [sss_child_krb5_trace_cb] (0x4000): [6879] 1479301593.898179: Retrying AS
> request with master KDC
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]]
> [sss_child_krb5_trace_cb] (0x4000): [6879] 1479301593.898221: Getting
> initial credentials for karan.b at MYDOMAIN COM
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]]
> [sss_child_krb5_trace_cb] (0x4000): [6879] 1479301593.898291: Sending
> request (167 bytes) to MYDOMAIN COM (master)
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [get_and_save_tgt]
> (0x0400): krb5_get_init_creds_password returned [-1765328230} during
> pre-auth.
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [k5c_send_data]
> (0x0200): Received error code 0
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]]
> [pack_response_packet] (0x2000): response packet size: [4]
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [k5c_send_data]
> (0x4000): Response sent.
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6879]]]] [main] (0x0400):
> krb5_child completed successfully
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [main] (0x0400):
> krb5_child started.
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [unpack_buffer]
> (0x1000): total buffer size: [159]
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [unpack_buffer]
> (0x0100): cmd [241] uid [1007628631] gid [1007628631] validate [true]
> enterprise principal [false] offline [true] UPN [karan.b at MYDOMAIN COM]
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [unpack_buffer]
> (0x0100): ccname: [KEYRING:persistent:1007628631] old_ccname:
> [KEYRING:persistent:1007628631] keytab: [/etc/krb5.keytab]
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [switch_creds]
> (0x0200): Switch user to [1007628631][1007628631].
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]]
> [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [switch_creds]
> (0x0200): Switch user to [0][0].
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]]
> [k5c_check_old_ccache] (0x4000): Ccache_file is [KEYRING:persistent:1007628631]
> and is not active and TGT is valid.
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [become_user]
> (0x0200): Trying to become user [1007628631][1007628631].
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [main] (0x2000):
> Running as [1007628631][1007628631].
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [become_user]
> (0x0200): Trying to become user [1007628631][1007628631].
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [become_user]
> (0x0200): Already user [1007628631].
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [k5c_setup]
> (0x2000): Running as [1007628631][1007628631].
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
> from environment.
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> environment.
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [main] (0x0400):
> Will perform offline auth
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]]
> [create_empty_ccache] (0x1000): Existing ccache still valid, reusing
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [k5c_send_data]
> (0x0200): Received error code 0
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]]
> [pack_response_packet] (0x2000): response packet size: [53]
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [k5c_send_data]
> (0x4000): Response sent.
> (Wed Nov 16 14:06:33 2016) [[sssd[krb5_child[6880]]]] [main] (0x0400):
> krb5_child completed successfully
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [main] (0x0400):
> krb5_child started.
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [unpack_buffer]
> (0x1000): total buffer size: [54]
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [unpack_buffer]
> (0x0100): cmd [249] uid [1007628631] gid [1007628631] validate [true]
> enterprise principal [false] offline [true] UPN [karan.b at MYDOMAIN COM]
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [become_user]
> (0x0200): Trying to become user [1007628631][1007628631].
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [main] (0x2000):
> Running as [1007628631][1007628631].
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [become_user]
> (0x0200): Trying to become user [1007628631][1007628631].
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [become_user]
> (0x0200): Already user [1007628631].
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [k5c_setup]
> (0x2000): Running as [1007628631][1007628631].
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
> from environment.
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> environment.
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [main] (0x0400):
> Will perform pre-auth
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [tgt_req_child]
> (0x1000): Attempting to get a TGT
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [get_and_save_tgt]
> (0x0400): Attempting kinit for realm [MYDOMAIN COM]
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]]
> [sss_child_krb5_trace_cb] (0x4000): [6881] 1479301599.494908: Getting
> initial credentials for karan.b at MYDOMAIN COM
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]]
> [sss_child_krb5_trace_cb] (0x4000): [6881] 1479301599.496903: Sending
> request (167 bytes) to MYDOMAIN COM
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]]
> [sss_child_krb5_trace_cb] (0x4000): [6881] 1479301599.497962: Retrying AS
> request with master KDC
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]]
> [sss_child_krb5_trace_cb] (0x4000): [6881] 1479301599.497985: Getting
> initial credentials for karan.b at MYDOMAIN COM
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]]
> [sss_child_krb5_trace_cb] (0x4000): [6881] 1479301599.498026: Sending
> request (167 bytes) to MYDOMAIN COM (master)
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [get_and_save_tgt]
> (0x0400): krb5_get_init_creds_password returned [-1765328230} during
> pre-auth.
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [k5c_send_data]
> (0x0200): Received error code 0
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]]
> [pack_response_packet] (0x2000): response packet size: [4]
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [k5c_send_data]
> (0x4000): Response sent.
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6881]]]] [main] (0x0400):
> krb5_child completed successfully
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [main] (0x0400):
> krb5_child started.
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [unpack_buffer]
> (0x1000): total buffer size: [159]
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [unpack_buffer]
> (0x0100): cmd [241] uid [1007628631] gid [1007628631] validate [true]
> enterprise principal [false] offline [true] UPN [karan.b at MYDOMAIN COM]
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [unpack_buffer]
> (0x0100): ccname: [KEYRING:persistent:1007628631] old_ccname:
> [KEYRING:persistent:1007628631] keytab: [/etc/krb5.keytab]
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [switch_creds]
> (0x0200): Switch user to [1007628631][1007628631].
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]]
> [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [switch_creds]
> (0x0200): Switch user to [0][0].
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]]
> [k5c_check_old_ccache] (0x4000): Ccache_file is [KEYRING:persistent:1007628631]
> and is not active and TGT is valid.
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [become_user]
> (0x0200): Trying to become user [1007628631][1007628631].
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [main] (0x2000):
> Running as [1007628631][1007628631].
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [become_user]
> (0x0200): Trying to become user [1007628631][1007628631].
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [become_user]
> (0x0200): Already user [1007628631].
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [k5c_setup]
> (0x2000): Running as [1007628631][1007628631].
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
> from environment.
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> environment.
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [main] (0x0400):
> Will perform offline auth
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]]
> [create_empty_ccache] (0x1000): Existing ccache still valid, reusing
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [k5c_send_data]
> (0x0200): Received error code 0
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]]
> [pack_response_packet] (0x2000): response packet size: [53]
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [k5c_send_data]
> (0x4000): Response sent.
> (Wed Nov 16 14:06:39 2016) [[sssd[krb5_child[6882]]]] [main] (0x0400):
> krb5_child completed successfully
>
> On Wed, Nov 16, 2016 at 1:02 PM, <freeipa-users-request at redhat.com> wrote:
>
>> Send Freeipa-users mailing list submissions to
>> freeipa-users at redhat.com
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> or, via email, send a message with subject or body 'help' to
>> freeipa-users-request at redhat.com
>>
>> You can reach the person managing the list at
>> freeipa-users-owner at redhat.com
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of Freeipa-users digest..."
>>
>>
>> Today's Topics:
>>
>> 1. Client x.x.xx - RFC 1918 response from Internet in
>> /var/log/messages (Bjarne Blichfeldt)
>> 2. Re: pam_winbind(sshd:auth): pam_get_item returned a password
>> (Sumit Bose)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Wed, 16 Nov 2016 11:56:05 +0000
>> From: Bjarne Blichfeldt <BJB at jndata.dk>
>> To: "freeipa-users at redhat.com" <freeipa-users at redhat.com>
>> Subject: [Freeipa-users] Client x.x.xx - RFC 1918 response from
>> Internet in /var/log/messages
>> Message-ID:
>> <89213DDB84447F44A8E8950A5C2185E0482EB1EE at SJN01013.jnmain00.
>> corp.jndata.net>
>>
>> Content-Type: text/plain; charset="us-ascii"
>>
>> Just updated a couple of free-ipa servers to:
>> ipa-server-dns-4.4.0-12.el7.noarch
>> redhat-release-server-7.3-7.el7.x86_64
>>
>> Before the update, I resolved the issue with RFC messages by:
>> /etc/named.conf:
>> options {
>> disable-empty-zone "10.in-addr.arpa.";
>> :
>>
>> Now after the update the RFS messages has returned. I read in the
>> changelog for 4.4 that this issue was resolved.
>> What did I miss?
>>
>>
>>
>>
>>
>>
>> Venlig hilsen
>>
>>
>> Bjarne Blichfeldt
>>
>>
>> Infrastructure Services
>>
>>
>>
>> Direkte +4563636119
>>
>>
>> Mobile +4521593270
>>
>>
>> BJB at jndata.dk
>>
>> [cid:image005.png at 01D24008.CA6EF0F0]
>>
>> JN Data A/S
>>
>> *
>>
>> Havsteensvej 4
>>
>> *
>>
>> 4000 Roskilde
>>
>>
>> Telefon 63 63 63 63/ Fax 63 63 63 64
>>
>>
>> www.jndata.dk
>>
>>
>> [cid:image006.png at 01D24008.CA6EF0F0]
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <https://www.redhat.com/archives/freeipa-users/attachments/
>> 20161116/46aeee39/attachment.html>
>> -------------- next part --------------
>> A non-text attachment was scrubbed...
>> Name: image005.png
>> Type: image/png
>> Size: 410 bytes
>> Desc: image005.png
>> URL: <https://www.redhat.com/archives/freeipa-users/attachments/
>> 20161116/46aeee39/attachment.png>
>> -------------- next part --------------
>> A non-text attachment was scrubbed...
>> Name: image006.png
>> Type: image/png
>> Size: 5487 bytes
>> Desc: image006.png
>> URL: <https://www.redhat.com/archives/freeipa-users/attachments/
>> 20161116/46aeee39/attachment-0001.png>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Wed, 16 Nov 2016 13:01:59 +0100
>> From: Sumit Bose <sbose at redhat.com>
>> To: freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] pam_winbind(sshd:auth): pam_get_item
>> returned a password
>> Message-ID:
>> <20161116120159.GL28171 at p.Speedport_W_724V_Typ_A_05011603_00_009>
>> Content-Type: text/plain; charset=us-ascii
>>
>> On Wed, Nov 16, 2016 at 12:49:59PM +0100, rajat gupta wrote:
>> > I am using FreeIPA version 4.4.0 Active Directory trust setup. And on
>> > Active Directory side I am using UPN suffix.
>> > Following are my domain setup.
>> >
>> > AD DOMANIN :- corp.addomain.com
>> > UPN suffix :- username at mydomain.com
>> > IPA DOMAIN :- ipa.ipadomain.local
>> > IPA server hostname:- ilt-gif-ipa01.ipa.ipadomain.local
>>
>> When you call 'ipa trust-find' on the IPA server do you see the
>> mydomain.com UPN suffix listed, like e.g.:
>>
>> # ipa trust-find
>> ---------------
>> 1 trust matched
>> ---------------
>> Realm-Name: ad.devel
>> Domain NetBIOS name: AD
>> Domain Security Identifier: S-1-5-21-3692237560-1981608775-3610128199
>> Trust type: Active Directory domain
>> UPN suffixes: alt.alt, alt.upn.suffix
>>
>> SSSD 1.14 and above on the IPA client should enable enterprise principal
>> support automatically if UPN suffixes are found on the server but
>> according to
>>
>> (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
>> enterprise principal [false] offline [false] UPN [
>> Rajat.Gupta at MYDOMAIN.COM]
>>
>> it is not. If the UPN suffixes are not know on the server, calling 'ipa
>> trust-fetch-domains' might help to get them. If there are still no UPN
>> suffixes
>> available on the server you can switch on enterprise principal on the
>> client
>> manually by adding 'krb5_use_enterprise_principal = True' in the
>> [domain/...]
>> section of sssd.conf. You have to set it manually as well if you are using
>> older versions of SSSD.
>>
>> HTH
>>
>> bye,
>> Sumit
>>
>> >
>> >
>> > I am able to login with AD user on IPA server. But on IPA clinet i am
>> not
>> > able to login i am getting the login message "Access denied". I have
>> > enabled the debug_level on sssd.conf on ipa clinet.
>> >
>> > below are some logs..
>> > ================
>> > /var/log/secure
>> >
>> > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_sss(sshd:auth):
>> authentication
>> > failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=rg1989
>> > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_sss(sshd:auth): received for
>> > user e600336: 6 (Permission denied)
>> > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_winbind(sshd:auth): getting
>> > password (0x00000010)
>> > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_winbind(sshd:auth):
>> > pam_get_item returned a password
>> > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_winbind(sshd:auth): internal
>> > module error (retval = PAM_AUTHINFO_UNAVAIL(9), user = 'rg1989')
>> > Nov 16 09:00:52 ipa-clinet1 sshd[3752]: Failed password for e600336 from
>> > x.x.x.x. port 48842 ssh2
>> > ================
>> >
>> > ================
>> > krb5_child.log
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4836]]]] [k5c_send_data]
>> > (0x4000): Response sent.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4836]]]] [main] (0x0400):
>> > krb5_child completed successfully
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x0400):
>> > krb5_child started.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [unpack_buffer]
>> > (0x1000): total buffer size: [159]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [unpack_buffer]
>> > (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
>> > enterprise principal [false] offline [false] UPN [
>> Rajat.Gupta at MYDOMAIN.COM]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [unpack_buffer]
>> > (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname:
>> > [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [switch_creds]
>> > (0x0200): Switch user to [1007656917][1007656917].
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> > [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [switch_creds]
>> > (0x0200): Switch user to [0][0].
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> > [k5c_check_old_ccache] (0x4000): Ccache_file is
>> > [KEYRING:persistent:1007656917] and is not active and TGT is valid.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> > [k5c_precreate_ccache] (0x4000): Recreating ccache
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_setup_fast]
>> > (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
>> > [host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> > [find_principal_in_keytab] (0x4000): Trying to find principal
>> > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL in keytab.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [match_principal]
>> > (0x1000): Principal matched to the sample
>> > (host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL).
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> [check_fast_ccache]
>> > (0x0200): FAST TGT is still valid.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [become_user]
>> > (0x0200): Trying to become user [1007656917][1007656917].
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x2000):
>> > Running as [1007656917][1007656917].
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_setup]
>> (0x2000):
>> > Running as [1007656917][1007656917].
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> > [set_lifetime_options] (0x0100): Cannot read
>> [SSSD_KRB5_RENEWABLE_LIFETIME]
>> > from environment.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
>> > environment.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> > [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to
>> [true]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x0400):
>> Will
>> > perform online auth
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [tgt_req_child]
>> > (0x1000): Attempting to get a TGT
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [get_and_save_tgt]
>> > (0x0400): Attempting kinit for realm [MYDOMAIN.COM]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.416687: Getting
>> > initial credentials for Rajat.Gupta at MYDOMAIN.COM
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.418641: FAST armor
>> > ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.418698: Retrieving
>> > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL ->
>> > krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM
>> > \@MYDOMAIN.COM at X-CACHECONF: from
>> > MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result:
>> > -1765328243/Matching credential not found
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.418756: Sending
>> > request (164 bytes) to MYDOMAIN.COM
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419718: Retrying
>> AS
>> > request with master KDC
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419752: Getting
>> > initial credentials for Rajat.Gupta at MYDOMAIN.COM
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419778: FAST armor
>> > ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419821: Retrieving
>> > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL ->
>> > krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM
>> > \@MYDOMAIN.COM at X-CACHECONF: from
>> > MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result:
>> > -1765328243/Matching credential not found
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419859: Sending
>> > request (164 bytes) to MYDOMAIN.COM (master)
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [get_and_save_tgt]
>> > (0x0020): 1296: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM"]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [map_krb5_error]
>> > (0x0020): 1365: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM"]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_send_data]
>> > (0x0200): Received error code 1432158228
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
>> > [pack_response_packet] (0x2000): response packet size: [4]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_send_data]
>> > (0x4000): Response sent.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x0400):
>> > krb5_child completed successfully
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x0400):
>> > krb5_child started.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [unpack_buffer]
>> > (0x1000): total buffer size: [159]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [unpack_buffer]
>> > (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
>> > enterprise principal [false] offline [false] UPN [
>> Rajat.Gupta at MYDOMAIN.COM]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [unpack_buffer]
>> > (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname:
>> > [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [switch_creds]
>> > (0x0200): Switch user to [1007656917][1007656917].
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> > [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [switch_creds]
>> > (0x0200): Switch user to [0][0].
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> > [k5c_check_old_ccache] (0x4000): Ccache_file is
>> > [KEYRING:persistent:1007656917] and is not active and TGT is valid.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> > [k5c_precreate_ccache] (0x4000): Recreating ccache
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_setup_fast]
>> > (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
>> > [host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> > [find_principal_in_keytab] (0x4000): Trying to find principal
>> > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL in keytab.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [match_principal]
>> > (0x1000): Principal matched to the sample
>> > (host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL).
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> [check_fast_ccache]
>> > (0x0200): FAST TGT is still valid.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [become_user]
>> > (0x0200): Trying to become user [1007656917][1007656917].
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x2000):
>> > Running as [1007656917][1007656917].
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_setup]
>> (0x2000):
>> > Running as [1007656917][1007656917].
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> > [set_lifetime_options] (0x0100): Cannot read
>> [SSSD_KRB5_RENEWABLE_LIFETIME]
>> > from environment.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
>> > environment.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> > [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to
>> [true]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x0400):
>> Will
>> > perform online auth
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [tgt_req_child]
>> > (0x1000): Attempting to get a TGT
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [get_and_save_tgt]
>> > (0x0400): Attempting kinit for realm [MYDOMAIN.COM]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.426870: Getting
>> > initial credentials for Rajat.Gupta at MYDOMAIN.COM
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.428706: FAST armor
>> > ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.428762: Retrieving
>> > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL ->
>> > krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM
>> > \@MYDOMAIN.COM at X-CACHECONF: from
>> > MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result:
>> > -1765328243/Matching credential not found
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.428825: Sending
>> > request (164 bytes) to MYDOMAIN.COM
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429706: Retrying
>> AS
>> > request with master KDC
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429740: Getting
>> > initial credentials for Rajat.Gupta at MYDOMAIN.COM
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429767: FAST armor
>> > ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429812: Retrieving
>> > host/ipa-clinet1.ipa.ipadomain.local at IPA.IPADOMAIN.LOCAL ->
>> > krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM
>> > \@MYDOMAIN.COM at X-CACHECONF: from
>> > MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result:
>> > -1765328243/Matching credential not found
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429854: Sending
>> > request (164 bytes) to MYDOMAIN.COM (master)
>> >
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [get_and_save_tgt]
>> > (0x0020): 1296: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM"]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [map_krb5_error]
>> > (0x0020): 1365: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM"]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_send_data]
>> > (0x0200): Received error code 1432158228
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
>> > [pack_response_packet] (0x2000): response packet size: [4]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_send_data]
>> > (0x4000): Response sent.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x0400):
>> > krb5_child completed successfully
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x0400):
>> > krb5_child started.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [unpack_buffer]
>> > (0x1000): total buffer size: [159]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [unpack_buffer]
>> > (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
>> > enterprise principal [false] offline [true] UPN [
>> Rajat.Gupta at MYDOMAIN.COM]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [unpack_buffer]
>> > (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname:
>> > [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [switch_creds]
>> > (0x0200): Switch user to [1007656917][1007656917].
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
>> > [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [switch_creds]
>> > (0x0200): Switch user to [0][0].
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
>> > [k5c_check_old_ccache] (0x4000): Ccache_file is
>> > [KEYRING:persistent:1007656917] and is not active and TGT is valid.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [become_user]
>> > (0x0200): Trying to become user [1007656917][1007656917].
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x2000):
>> > Running as [1007656917][1007656917].
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [become_user]
>> > (0x0200): Trying to become user [1007656917][1007656917].
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [become_user]
>> > (0x0200): Already user [1007656917].
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [k5c_setup]
>> (0x2000):
>> > Running as [1007656917][1007656917].
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
>> > [set_lifetime_options] (0x0100): Cannot read
>> [SSSD_KRB5_RENEWABLE_LIFETIME]
>> > from environment.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
>> > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
>> > environment.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x0400):
>> Will
>> > perform offline auth
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
>> [create_empty_ccache]
>> > (0x1000): Existing ccache still valid, reusing
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [k5c_send_data]
>> > (0x0200): Received error code 0
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
>> > [pack_response_packet] (0x2000): response packet size: [53]
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [k5c_send_data]
>> > (0x4000): Response sent.
>> > (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x0400):
>> > krb5_child completed successfully
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x0400):
>> > krb5_child started.
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [unpack_buffer]
>> > (0x1000): total buffer size: [52]
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [unpack_buffer]
>> > (0x0100): cmd [249] uid [1007656917] gid [1007656917] validate [true]
>> > enterprise principal [false] offline [true] UPN [
>> Rajat.Gupta at MYDOMAIN.COM]
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [become_user]
>> > (0x0200): Trying to become user [1007656917][1007656917].
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x2000):
>> > Running as [1007656917][1007656917].
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [become_user]
>> > (0x0200): Trying to become user [1007656917][1007656917].
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [become_user]
>> > (0x0200): Already user [1007656917].
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [k5c_setup]
>> (0x2000):
>> > Running as [1007656917][1007656917].
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
>> > [set_lifetime_options] (0x0100): Cannot read
>> [SSSD_KRB5_RENEWABLE_LIFETIME]
>> > from environment.
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
>> > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
>> > environment.
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x0400):
>> Will
>> > perform pre-auth
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [tgt_req_child]
>> > (0x1000): Attempting to get a TGT
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [get_and_save_tgt]
>> > (0x0400): Attempting kinit for realm [MYDOMAIN.COM]
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.766694: Getting
>> > initial credentials for Rajat.Gupta at MYDOMAIN.COM
>> >
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.769074: Sending
>> > request (164 bytes) to MYDOMAIN.COM
>> >
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.770020: Retrying
>> AS
>> > request with master KDC
>> >
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.770051: Getting
>> > initial credentials for Rajat.Gupta at MYDOMAIN.COM
>> >
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
>> > [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.770091: Sending
>> > request (164 bytes) to MYDOMAIN.COM (master)
>> >
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [get_and_save_tgt]
>> > (0x0400): krb5_get_init_creds_password returned [-1765328230} during
>> > pre-auth.
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [k5c_send_data]
>> > (0x0200): Received error code 0
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
>> > [pack_response_packet] (0x2000): response packet size: [4]
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [k5c_send_data]
>> > (0x4000): Response sent.
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x0400):
>> > krb5_child completed successfully
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x0400):
>> > krb5_child started.
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [unpack_buffer]
>> > (0x1000): total buffer size: [160]
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [unpack_buffer]
>> > (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
>> > enterprise principal [false] offline [true] UPN [
>> Rajat.Gupta at MYDOMAIN.COM]
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [unpack_buffer]
>> > (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname:
>> > [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [switch_creds]
>> > (0x0200): Switch user to [1007656917][1007656917].
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
>> > [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [switch_creds]
>> > (0x0200): Switch user to [0][0].
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
>> > [k5c_check_old_ccache] (0x4000): Ccache_file is
>> > [KEYRING:persistent:1007656917] and is not active and TGT is valid.
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [become_user]
>> > (0x0200): Trying to become user [1007656917][1007656917].
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x2000):
>> > Running as [1007656917][1007656917].
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [become_user]
>> > (0x0200): Trying to become user [1007656917][1007656917].
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [become_user]
>> > (0x0200): Already user [1007656917].
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [k5c_setup]
>> (0x2000):
>> > Running as [1007656917][1007656917].
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
>> > [set_lifetime_options] (0x0100): Cannot read
>> [SSSD_KRB5_RENEWABLE_LIFETIME]
>> > from environment.
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
>> > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
>> > environment.
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x0400):
>> Will
>> > perform offline auth
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
>> [create_empty_ccache]
>> > (0x1000): Existing ccache still valid, reusing
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [k5c_send_data]
>> > (0x0200): Received error code 0
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
>> > [pack_response_packet] (0x2000): response packet size: [53]
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [k5c_send_data]
>> > (0x4000): Response sent.
>> > (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x0400):
>> > krb5_child completed successfully
>> >
>> > =======================
>> > Can you please help me to fix this,
>>
>> > --
>> > Manage your subscription for the Freeipa-users mailing list:
>> > https://www.redhat.com/mailman/listinfo/freeipa-users
>> > Go to http://freeipa.org for more info on the project
>>
>>
>>
>> ------------------------------
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>> End of Freeipa-users Digest, Vol 100, Issue 48
>> **********************************************
>>
>
>
>
> --
>
> *Rajat Gupta *
>
--
*Rajat Gupta *
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161118/baac7ec0/attachment.htm>
More information about the Freeipa-users
mailing list