[Freeipa-users] This again :) - ssh authentication for users in complex AD forest - where am I going wrong?
Chris Dagdigian
dag at sonsorol.org
Tue Nov 22 16:17:37 UTC 2016
Sumit Bose wrote:
> Please send the full krb5_child.log with debug_level=10 in the
> [domain/...] section of sssd.conf. My current guess is the ticket
> validation fails. Which version of SSSD are you using?
>
> bye,
> Sumit
This is a CentOS 7 client running SSSD-1.13
Thank you. Lots of interesting info in this log. I've sanitized
hostnames, username and IP but that was it:
### log data below ####
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [main] (0x0400):
krb5_child started.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [unpack_buffer]
(0x1000): total buffer size: [52]
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [unpack_buffer]
(0x0100): cmd [249] uid [1843770609] gid [1843770609] validate [true]
enterprise principal [false] offline [false] UPN [username at COMPANY.ORG]
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [k5c_setup_fast]
(0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
[host/usaeilvdip001.company-aws.org at company-idm.org]
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[find_principal_in_keytab] (0x4000): Trying to find principal
host/usaeilvdip001.company-aws.org at company-idm.org in keytab.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [match_principal]
(0x1000): Principal matched to the sample
(host/usaeilvdip001.company-aws.org at company-idm.org).
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[check_fast_ccache] (0x0200): FAST TGT is still valid.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [become_user]
(0x0200): Trying to become user [1843770609][1843770609].
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [main] (0x2000):
Running as [1843770609][1843770609].
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [k5c_setup]
(0x2000): Running as [1843770609][1843770609].
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[set_lifetime_options] (0x0100): Cannot read
[SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [main] (0x0400):
Will perform pre-auth
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [tgt_req_child]
(0x1000): Attempting to get a TGT
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [get_and_save_tgt]
(0x0400): Attempting kinit for realm [COMPANY.ORG]
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.455849: Getting
initial credentials for username at COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.455913: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.455943: Retrieving
host/usaeilvdip001.company-aws.org at company-idm.org ->
krb5_ccache_conf_data/fast_avail/krbtgt\/COMPANY.ORG\@COMPANY.ORG at X-CACHECONF:
from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result:
-1765328243/Matching credential not found
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.455988: Sending
request (169 bytes) to COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.456104: Resolving
hostname COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.457461: Initiating
TCP connection to stream 192.141.1.62:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.544892: Sending
TCP request to stream 192.141.1.62:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.632904: Received
answer (118 bytes) from stream 192.141.1.62:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.632941:
Terminating TCP connection to stream 192.141.1.62:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.633006: Response
was from master KDC
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.633037: Received
error from KDC: -1765328316/Realm not local to KDC
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.633070: Following
referral to realm NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.633087: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.633137: Retrieving
host/usaeilvdip001.company-aws.org at company-idm.org ->
krb5_ccache_conf_data/fast_avail/krbtgt\/NAFTA.COMPANY.ORG\@NAFTA.COMPANY.ORG at X-CACHECONF:
from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result:
-1765328243/Matching credential not found
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.633176: Sending
request (181 bytes) to NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.638652: Resolving
hostname usetwadsfsmo04.nafta.COMPANY.ORG.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.639637: Sending
initial UDP request to dgram 192.189.131.31:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.657192: Received
answer (205 bytes) from dgram 192.189.131.31:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.657943: Response
was not from master KDC
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.657987: Received
error from KDC: -1765328359/Additional pre-authentication required
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658021: Processing
preauth types: 16, 15, 19, 2
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658041: Selected
etype info: etype aes256-cts, salt "NAFTA.COMPANY.ORGusername", params ""
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_krb5_prompter] (0x0020): Cannot handle password prompts.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658071: Preauth
module encrypted_timestamp (2) (real) returned: -1765328254/Cannot read
password
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658090: Retrying
AS request with master KDC
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658098: Getting
initial credentials for username at COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658117: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658141: Retrieving
host/usaeilvdip001.company-aws.org at company-idm.org ->
krb5_ccache_conf_data/fast_avail/krbtgt\/COMPANY.ORG\@COMPANY.ORG at X-CACHECONF:
from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result:
-1765328243/Matching credential not found
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658164: Sending
request (169 bytes) to COMPANY.ORG (master)
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658181: Resolving
hostname COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.659023: Initiating
TCP connection to stream 192.189.131.10:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.675608: Sending
TCP request to stream 192.189.131.10:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.692668: Received
answer (118 bytes) from stream 192.189.131.10:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.692717:
Terminating TCP connection to stream 192.189.131.10:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.692773: Received
error from KDC: -1765328316/Realm not local to KDC
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.692789: Following
referral to realm NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.692806: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.692842: Retrieving
host/usaeilvdip001.company-aws.org at company-idm.org ->
krb5_ccache_conf_data/fast_avail/krbtgt\/NAFTA.COMPANY.ORG\@NAFTA.COMPANY.ORG at X-CACHECONF:
from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result:
-1765328243/Matching credential not found
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.692878: Sending
request (181 bytes) to NAFTA.COMPANY.ORG (master)
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [get_and_save_tgt]
(0x0400): krb5_get_init_creds_password returned [-1765328254} during
pre-auth.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [k5c_send_data]
(0x0200): Received error code 0
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]]
[pack_response_packet] (0x2000): response packet size: [4]
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [k5c_send_data]
(0x4000): Response sent.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [main] (0x0400):
krb5_child completed successfully
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [main] (0x0400):
krb5_child started.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [unpack_buffer]
(0x1000): total buffer size: [158]
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [unpack_buffer]
(0x0100): cmd [241] uid [1843770609] gid [1843770609] validate [true]
enterprise principal [false] offline [false] UPN [username at COMPANY.ORG]
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [unpack_buffer]
(0x0100): ccname: [KEYRING:persistent:1843770609] old_ccname:
[KEYRING:persistent:1843770609] keytab: [/etc/krb5.keytab]
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [switch_creds]
(0x0200): Switch user to [1843770609][1843770609].
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [switch_creds]
(0x0200): Switch user to [0][0].
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[k5c_check_old_ccache] (0x4000): Ccache_file is
[KEYRING:persistent:1843770609] and is not active and TGT is valid.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[k5c_precreate_ccache] (0x4000): Recreating ccache
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [k5c_setup_fast]
(0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
[host/usaeilvdip001.company-aws.org at company-idm.org]
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[find_principal_in_keytab] (0x4000): Trying to find principal
host/usaeilvdip001.company-aws.org at company-idm.org in keytab.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [match_principal]
(0x1000): Principal matched to the sample
(host/usaeilvdip001.company-aws.org at company-idm.org).
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[check_fast_ccache] (0x0200): FAST TGT is still valid.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [become_user]
(0x0200): Trying to become user [1843770609][1843770609].
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [main] (0x2000):
Running as [1843770609][1843770609].
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [k5c_setup]
(0x2000): Running as [1843770609][1843770609].
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[set_lifetime_options] (0x0100): Cannot read
[SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [main] (0x0400):
Will perform online auth
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [tgt_req_child]
(0x1000): Attempting to get a TGT
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [get_and_save_tgt]
(0x0400): Attempting kinit for realm [COMPANY.ORG]
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.708701: Getting
initial credentials for username at COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.708766: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.708797: Retrieving
host/usaeilvdip001.company-aws.org at company-idm.org ->
krb5_ccache_conf_data/fast_avail/krbtgt\/COMPANY.ORG\@COMPANY.ORG at X-CACHECONF:
from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result:
-1765328243/Matching credential not found
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.708845: Sending
request (169 bytes) to COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.708968: Resolving
hostname COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.710135: Initiating
TCP connection to stream 192.141.1.63:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.796151: Sending
TCP request to stream 192.141.1.63:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.882766: Received
answer (118 bytes) from stream 192.141.1.63:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.882802:
Terminating TCP connection to stream 192.141.1.63:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.882886: Response
was from master KDC
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.882924: Received
error from KDC: -1765328316/Realm not local to KDC
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.882941: Following
referral to realm NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.882956: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.882984: Retrieving
host/usaeilvdip001.company-aws.org at company-idm.org ->
krb5_ccache_conf_data/fast_avail/krbtgt\/NAFTA.COMPANY.ORG\@NAFTA.COMPANY.ORG at X-CACHECONF:
from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result:
-1765328243/Matching credential not found
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.883019: Sending
request (181 bytes) to NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.888739: Resolving
hostname usetwadsgc06.nafta.COMPANY.ORG.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.889684: Sending
initial UDP request to dgram 192.189.132.21:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.911271: Received
answer (205 bytes) from dgram 192.189.132.21:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.912054: Response
was not from master KDC
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.912092: Received
error from KDC: -1765328359/Additional pre-authentication required
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.912126: Processing
preauth types: 16, 15, 19, 2
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.912145: Selected
etype info: etype aes256-cts, salt "NAFTA.COMPANY.ORGusername", params ""
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.920736: AS key
obtained for encrypted timestamp: aes256-cts/3D3B
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.920813: Encrypted
timestamp (for 1479830563.304057): plain
301AA011180F32303136313132323136303234335AA105020304A3B9, encrypted
D2B644646EA65470D011BB1C63145BAB3DB096C644CC47DD7D23A2C4E51C4F42357493825530FFF5E852DEE96D794CD33492279CB85A8E8D
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.920835: Preauth
module encrypted_timestamp (2) (real) returned: 0/Success
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.920843: Produced
preauth for next request: 2
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.920879: Sending
request (260 bytes) to NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.926274: Resolving
hostname usetwadsgc06.nafta.COMPANY.ORG.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.927107: Sending
initial UDP request to dgram 192.189.132.21:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.946258: Received
answer (108 bytes) from dgram 192.189.132.21:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.947022: Response
was not from master KDC
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.947057: Received
error from KDC: -1765328332/Response too big for UDP, retry with TCP
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.947068: Request or
response is too big for UDP; retrying with TCP
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.947078: Sending
request (260 bytes) to NAFTA.COMPANY.ORG (tcp only)
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.949638: Resolving
hostname usetwadsfsmo03.nafta.COMPANY.ORG.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.950847: Initiating
TCP connection to stream 192.189.131.30:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.967068: Sending
TCP request to stream 192.189.131.30:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.985509: Received
answer (2127 bytes) from stream 192.189.131.30:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.985549:
Terminating TCP connection to stream 192.189.131.30:88
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986327: Response
was not from master KDC
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986373: Processing
preauth types: 19
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986395: Selected
etype info: etype aes256-cts, salt "NAFTA.COMPANY.ORGusername", params ""
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986405: Produced
preauth for next request: (empty)
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986416: AS key
determined by preauth: aes256-cts/3D3B
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986487: Decrypted
AS reply; session key is: aes256-cts/6F15
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986501: FAST
negotiation: unavailable
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_krb5_expire_callback_func] (0x2000): exp_time: [3966065]
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [validate_tgt]
(0x2000): Keytab entry with the realm of the credential not found in
keytab. Using the last entry.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986574: Retrieving
host/usaeilvdip001.company-aws.org at company-idm.org from
MEMORY:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986582: Resolving
unique ccache of type MEMORY
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986596:
Initializing MEMORY:yWXP1Fr with default princ username at NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986605: Storing
username at NAFTA.COMPANY.ORG -> krbtgt/NAFTA.COMPANY.ORG at NAFTA.COMPANY.ORG
in MEMORY:yWXP1Fr
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986624: Getting
credentials username at NAFTA.COMPANY.ORG ->
host/usaeilvdip001.company-aws.org at company-idm.org using ccache
MEMORY:yWXP1Fr
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986650: Retrieving
username at NAFTA.COMPANY.ORG ->
host/usaeilvdip001.company-aws.org at company-idm.org from MEMORY:yWXP1Fr
with result: -1765328243/Matching credential not found
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986665: Retrieving
username at NAFTA.COMPANY.ORG -> krbtgt/company-idm.org at company-idm.org
from MEMORY:yWXP1Fr with result: -1765328243/Matching credential not found
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986679: Retrieving
username at NAFTA.COMPANY.ORG -> krbtgt/NAFTA.COMPANY.ORG at NAFTA.COMPANY.ORG
from MEMORY:yWXP1Fr with result: 0/Success
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986687: Starting
with TGT for client realm: username at NAFTA.COMPANY.ORG ->
krbtgt/NAFTA.COMPANY.ORG at NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986702: Retrieving
username at NAFTA.COMPANY.ORG -> krbtgt/company-idm.org at company-idm.org
from MEMORY:yWXP1Fr with result: -1765328243/Matching credential not found
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986711: Requesting
TGT krbtgt/company-idm.org at NAFTA.COMPANY.ORG using TGT
krbtgt/NAFTA.COMPANY.ORG at NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986728: Generated
subkey for TGS request: aes256-cts/52B3
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986768: etypes
requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1,
rc4-hmac, camellia128-cts, camellia256-cts
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986829: Encoding
request body and padata into FAST request
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986884: Sending
request (2297 bytes) to NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.992252: Resolving
hostname usetwadsfsmo04.nafta.COMPANY.ORG.
(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.993077: Sending
initial UDP request to dgram 192.189.131.31:88
(Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830564.10283: Received
answer (105 bytes) from dgram 192.189.131.31:88
(Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830564.11260: Response
was not from master KDC
(Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830564.11300: TGS request
result: -1765328377/Server not found in Kerberos database
(Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]]
[sss_child_krb5_trace_cb] (0x4000): [4367] 1479830564.11322: Destroying
ccache MEMORY:yWXP1Fr
(Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]] [validate_tgt]
(0x0020): TGT failed verification using key for
[host/usaeilvdip001.company-aws.org at company-idm.org].
(Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]] [get_and_save_tgt]
(0x0020): 1242: [-1765328377][Server not found in Kerberos database]
(Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]] [map_krb5_error]
(0x0020): 1303: [-1765328377][Server not found in Kerberos database]
(Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]] [k5c_send_data]
(0x0200): Received error code 1432158209
(Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]]
[pack_response_packet] (0x2000): response packet size: [20]
(Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]] [k5c_send_data]
(0x4000): Response sent.
(Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]] [main] (0x0400):
krb5_child completed successfully
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [main] (0x0400):
krb5_child started.
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [unpack_buffer]
(0x1000): total buffer size: [52]
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [unpack_buffer]
(0x0100): cmd [249] uid [1843770609] gid [1843770609] validate [true]
enterprise principal [false] offline [false] UPN [username at COMPANY.ORG]
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [k5c_setup_fast]
(0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
[host/usaeilvdip001.company-aws.org at company-idm.org]
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[find_principal_in_keytab] (0x4000): Trying to find principal
host/usaeilvdip001.company-aws.org at company-idm.org in keytab.
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [match_principal]
(0x1000): Principal matched to the sample
(host/usaeilvdip001.company-aws.org at company-idm.org).
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[check_fast_ccache] (0x0200): FAST TGT is still valid.
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [become_user]
(0x0200): Trying to become user [1843770609][1843770609].
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [main] (0x2000):
Running as [1843770609][1843770609].
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [k5c_setup]
(0x2000): Running as [1843770609][1843770609].
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[set_lifetime_options] (0x0100): Cannot read
[SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [main] (0x0400):
Will perform pre-auth
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [tgt_req_child]
(0x1000): Attempting to get a TGT
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [get_and_save_tgt]
(0x0400): Attempting kinit for realm [COMPANY.ORG]
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.646744: Getting
initial credentials for username at COMPANY.ORG
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.646810: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.646840: Retrieving
host/usaeilvdip001.company-aws.org at company-idm.org ->
krb5_ccache_conf_data/fast_avail/krbtgt\/COMPANY.ORG\@COMPANY.ORG at X-CACHECONF:
from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result:
-1765328243/Matching credential not found
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.646884: Sending
request (169 bytes) to COMPANY.ORG
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.647003: Resolving
hostname COMPANY.ORG
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.648291: Initiating
TCP connection to stream 192.141.1.10:88
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.734271: Sending
TCP request to stream 192.141.1.10:88
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.820703: Received
answer (118 bytes) from stream 192.141.1.10:88
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.820748:
Terminating TCP connection to stream 192.141.1.10:88
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.820812: Response
was from master KDC
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.820843: Received
error from KDC: -1765328316/Realm not local to KDC
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.820866: Following
referral to realm NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.820888: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.820931: Retrieving
host/usaeilvdip001.company-aws.org at company-idm.org ->
krb5_ccache_conf_data/fast_avail/krbtgt\/NAFTA.COMPANY.ORG\@NAFTA.COMPANY.ORG at X-CACHECONF:
from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result:
-1765328243/Matching credential not found
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.820969: Sending
request (181 bytes) to NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.827033: Resolving
hostname usetwadsgc06.nafta.COMPANY.ORG.
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.827943: Sending
initial UDP request to dgram 192.189.132.21:88
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.847365: Received
answer (205 bytes) from dgram 192.189.132.21:88
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848133: Response
was not from master KDC
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848172: Received
error from KDC: -1765328359/Additional pre-authentication required
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848215: Processing
preauth types: 16, 15, 19, 2
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848235: Selected
etype info: etype aes256-cts, salt "NAFTA.COMPANY.ORGusername", params ""
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_krb5_prompter] (0x0020): Cannot handle password prompts.
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848264: Preauth
module encrypted_timestamp (2) (real) returned: -1765328254/Cannot read
password
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848283: Retrying
AS request with master KDC
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848291: Getting
initial credentials for username at COMPANY.ORG
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848309: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848331: Retrieving
host/usaeilvdip001.company-aws.org at company-idm.org ->
krb5_ccache_conf_data/fast_avail/krbtgt\/COMPANY.ORG\@COMPANY.ORG at X-CACHECONF:
from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result:
-1765328243/Matching credential not found
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848355: Sending
request (169 bytes) to COMPANY.ORG (master)
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848371: Resolving
hostname COMPANY.ORG
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.849169: Initiating
TCP connection to stream 192.189.131.28:88
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.866111: Sending
TCP request to stream 192.189.131.28:88
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.883592: Received
answer (118 bytes) from stream 192.189.131.28:88
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.883625:
Terminating TCP connection to stream 192.189.131.28:88
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.883676: Received
error from KDC: -1765328316/Realm not local to KDC
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.883692: Following
referral to realm NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.883709: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.883744: Retrieving
host/usaeilvdip001.company-aws.org at company-idm.org ->
krb5_ccache_conf_data/fast_avail/krbtgt\/NAFTA.COMPANY.ORG\@NAFTA.COMPANY.ORG at X-CACHECONF:
from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result:
-1765328243/Matching credential not found
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.883778: Sending
request (181 bytes) to NAFTA.COMPANY.ORG (master)
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [get_and_save_tgt]
(0x0400): krb5_get_init_creds_password returned [-1765328254} during
pre-auth.
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [k5c_send_data]
(0x0200): Received error code 0
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]]
[pack_response_packet] (0x2000): response packet size: [4]
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [k5c_send_data]
(0x4000): Response sent.
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [main] (0x0400):
krb5_child completed successfully
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [main] (0x0400):
krb5_child started.
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [unpack_buffer]
(0x1000): total buffer size: [158]
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [unpack_buffer]
(0x0100): cmd [241] uid [1843770609] gid [1843770609] validate [true]
enterprise principal [false] offline [false] UPN [username at COMPANY.ORG]
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [unpack_buffer]
(0x0100): ccname: [KEYRING:persistent:1843770609] old_ccname:
[KEYRING:persistent:1843770609] keytab: [/etc/krb5.keytab]
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [switch_creds]
(0x0200): Switch user to [1843770609][1843770609].
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]]
[sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [switch_creds]
(0x0200): Switch user to [0][0].
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]]
[k5c_check_old_ccache] (0x4000): Ccache_file is
[KEYRING:persistent:1843770609] and is not active and TGT is valid.
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]]
[k5c_precreate_ccache] (0x4000): Recreating ccache
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [k5c_setup_fast]
(0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
[host/usaeilvdip001.company-aws.org at company-idm.org]
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]]
[find_principal_in_keytab] (0x4000): Trying to find principal
host/usaeilvdip001.company-aws.org at company-idm.org in keytab.
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [match_principal]
(0x1000): Principal matched to the sample
(host/usaeilvdip001.company-aws.org at company-idm.org).
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]]
[check_fast_ccache] (0x0200): FAST TGT is still valid.
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [become_user]
(0x0200): Trying to become user [1843770609][1843770609].
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [main] (0x2000):
Running as [1843770609][1843770609].
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [k5c_setup]
(0x2000): Running as [1843770609][1843770609].
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]]
[set_lifetime_options] (0x0100): Cannot read
[SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]]
[set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [main] (0x0400):
Will perform online auth
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [tgt_req_child]
(0x1000): Attempting to get a TGT
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [get_and_save_tgt]
(0x0400): Attempting kinit for realm [COMPANY.ORG]
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830567.899271: Getting
initial credentials for username at COMPANY.ORG
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830567.899337: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830567.899368: Retrieving
host/usaeilvdip001.company-aws.org at company-idm.org ->
krb5_ccache_conf_data/fast_avail/krbtgt\/COMPANY.ORG\@COMPANY.ORG at X-CACHECONF:
from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result:
-1765328243/Matching credential not found
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830567.899415: Sending
request (169 bytes) to COMPANY.ORG
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830567.899575: Resolving
hostname COMPANY.ORG
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830567.900935: Initiating
TCP connection to stream 192.141.1.15:88
(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830567.987925: Sending
TCP request to stream 192.141.1.15:88
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.75357: Received
answer (118 bytes) from stream 192.141.1.15:88
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.75404: Terminating
TCP connection to stream 192.141.1.15:88
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.75502: Response
was from master KDC
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.75529: Received
error from KDC: -1765328316/Realm not local to KDC
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.75544: Following
referral to realm NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.75559: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.75586: Retrieving
host/usaeilvdip001.company-aws.org at company-idm.org ->
krb5_ccache_conf_data/fast_avail/krbtgt\/NAFTA.COMPANY.ORG\@NAFTA.COMPANY.ORG at X-CACHECONF:
from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result:
-1765328243/Matching credential not found
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.75621: Sending
request (181 bytes) to NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.81119: Resolving
hostname usetwadsfsmo03.nafta.COMPANY.ORG.
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.81947: Sending
initial UDP request to dgram 192.189.131.30:88
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.99200: Received
answer (205 bytes) from dgram 192.189.131.30:88
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.100064: Response
was not from master KDC
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.100103: Received
error from KDC: -1765328359/Additional pre-authentication required
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.100136: Processing
preauth types: 16, 15, 19, 2
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.100155: Selected
etype info: etype aes256-cts, salt "NAFTA.COMPANY.ORGusername", params ""
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.108691: AS key
obtained for encrypted timestamp: aes256-cts/3D3B
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.108766: Encrypted
timestamp (for 1479830568.478875): plain
301AA011180F32303136313132323136303234385AA1050203074E9B, encrypted
133359586FCB362BF70E6CC90D509C68D6B19903CE0113AD37826E22256090F77B2B7F0BE410C1D7E72F890C437A77FE4BE1DA21848F6209
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.108787: Preauth
module encrypted_timestamp (2) (real) returned: 0/Success
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.108794: Produced
preauth for next request: 2
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.108829: Sending
request (260 bytes) to NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.114751: Resolving
hostname usetwadsfsmo03.nafta.COMPANY.ORG.
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.115601: Sending
initial UDP request to dgram 192.189.131.30:88
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.133353: Received
answer (108 bytes) from dgram 192.189.131.30:88
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.134326: Response
was not from master KDC
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.134360: Received
error from KDC: -1765328332/Response too big for UDP, retry with TCP
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.134370: Request or
response is too big for UDP; retrying with TCP
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.134379: Sending
request (260 bytes) to NAFTA.COMPANY.ORG (tcp only)
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.137246: Resolving
hostname friawadsgc12.nafta.COMPANY.ORG.
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.138084: Initiating
TCP connection to stream 192.141.1.52:88
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.224054: Sending
TCP request to stream 192.141.1.52:88
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.311440: Received
answer (2178 bytes) from stream 192.141.1.52:88
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.311483:
Terminating TCP connection to stream 192.141.1.52:88
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312325: Response
was not from master KDC
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312369: Processing
preauth types: 19
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312381: Selected
etype info: etype aes256-cts, salt "NAFTA.COMPANY.ORGusername", params ""
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312390: Produced
preauth for next request: (empty)
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312401: AS key
determined by preauth: aes256-cts/3D3B
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312459: Decrypted
AS reply; session key is: aes256-cts/43A1
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312498: FAST
negotiation: unavailable
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_krb5_expire_callback_func] (0x2000): exp_time: [3966060]
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [validate_tgt]
(0x2000): Keytab entry with the realm of the credential not found in
keytab. Using the last entry.
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312579: Retrieving
host/usaeilvdip001.company-aws.org at company-idm.org from
MEMORY:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312588: Resolving
unique ccache of type MEMORY
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312602:
Initializing MEMORY:Fnv4hCg with default princ username at NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312621: Storing
username at NAFTA.COMPANY.ORG -> krbtgt/NAFTA.COMPANY.ORG at NAFTA.COMPANY.ORG
in MEMORY:Fnv4hCg
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312642: Getting
credentials username at NAFTA.COMPANY.ORG ->
host/usaeilvdip001.company-aws.org at company-idm.org using ccache
MEMORY:Fnv4hCg
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312668: Retrieving
username at NAFTA.COMPANY.ORG ->
host/usaeilvdip001.company-aws.org at company-idm.org from MEMORY:Fnv4hCg
with result: -1765328243/Matching credential not found
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312683: Retrieving
username at NAFTA.COMPANY.ORG -> krbtgt/company-idm.org at company-idm.org
from MEMORY:Fnv4hCg with result: -1765328243/Matching credential not found
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312698: Retrieving
username at NAFTA.COMPANY.ORG -> krbtgt/NAFTA.COMPANY.ORG at NAFTA.COMPANY.ORG
from MEMORY:Fnv4hCg with result: 0/Success
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312706: Starting
with TGT for client realm: username at NAFTA.COMPANY.ORG ->
krbtgt/NAFTA.COMPANY.ORG at NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312721: Retrieving
username at NAFTA.COMPANY.ORG -> krbtgt/company-idm.org at company-idm.org
from MEMORY:Fnv4hCg with result: -1765328243/Matching credential not found
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312729: Requesting
TGT krbtgt/company-idm.org at NAFTA.COMPANY.ORG using TGT
krbtgt/NAFTA.COMPANY.ORG at NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312747: Generated
subkey for TGS request: aes256-cts/57A1
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312787: etypes
requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1,
rc4-hmac, camellia128-cts, camellia256-cts
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312840: Encoding
request body and padata into FAST request
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312894: Sending
request (2313 bytes) to NAFTA.COMPANY.ORG
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.318783: Resolving
hostname friawadsgc02.nafta.COMPANY.ORG.
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.319777: Sending
initial UDP request to dgram 192.141.1.11:88
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.406882: Received
answer (105 bytes) from dgram 192.141.1.11:88
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.407810: Response
was not from master KDC
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.407847: TGS
request result: -1765328377/Server not found in Kerberos database
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.407869: Destroying
ccache MEMORY:Fnv4hCg
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [validate_tgt]
(0x0020): TGT failed verification using key for
[host/usaeilvdip001.company-aws.org at company-idm.org].
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [get_and_save_tgt]
(0x0020): 1242: [-1765328377][Server not found in Kerberos database]
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [map_krb5_error]
(0x0020): 1303: [-1765328377][Server not found in Kerberos database]
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [k5c_send_data]
(0x0200): Received error code 1432158209
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]]
[pack_response_packet] (0x2000): response packet size: [20]
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [k5c_send_data]
(0x4000): Response sent.
(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [main] (0x0400):
krb5_child completed successfully
[root at usaeilvdip001 sssd]#
More information about the Freeipa-users
mailing list