On Thu, Feb 11, 2021 at 10:20:45PM -0000, Mike Conner via FreeIPA-users wrote:
This additional bit from the logs indicates a failure to retrieve a keytab:
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [main] (0x0400): Backend provider (ipa.domain.edu) started!
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sss_domain_get_state] (0x1000): Domain domain.edu is Active
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [ipa_server_trusted_dom_setup_send] (0x1000): Trust direction of subdom domain.edu from forest domain.edu is: one-way inbound: local domain trusts the remote domain
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [ipa_server_trusted_dom_setup_1way] (0x0400): Will re-fetch keytab for domain.edu
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [ipa_getkeytab_send] (0x0400): Retrieving keytab for IPA$@DOMAIN.EDU from test.ipa.domain.edu into /var/lib/sss/keytabs/domain.edu.keytabDHvyo4 using ccache /var/lib/sss/db/ccache_ipa.domain.edu
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [child_handler_setup] (0x2000): Setting up signal handler up for pid [80814]
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [child_handler_setup] (0x2000): Signal handler set up for pid [80814]
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_dispatch] (0x4000): dbus conn: 0x556b59a5db00
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_dispatch] (0x4000): dbus conn: 0x556b59a5db00
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] (0x4000): 0x556b59a20780/0x556b59a5d700 (14), R/- (disabled)
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] (0x4000): 0x556b59a20780/0x556b59a5d6b0 (14), -/W (enabled)
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] (0x4000): 0x556b59a20780/0x556b59a5d700 (14), R/- (enabled)
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] (0x4000): 0x556b59a20780/0x556b59a5d6b0 (14), -/W (disabled)
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] (0x4000): 0x556b59a20780/0x556b59a5d700 (14), R/- (disabled)
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] (0x4000): 0x556b59a20780/0x556b59a5d6b0 (14), -/W (enabled)
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] (0x4000): 0x556b59a20780/0x556b59a5d700 (14), R/- (enabled)
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] (0x4000): 0x556b59a20780/0x556b59a5d6b0 (14), -/W (disabled)
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_remove_timeout] (0x2000): 0x556b59a5e9c0
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_dispatch] (0x4000): dbus conn: 0x556b59a5db00
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [id_callback] (0x0100): Got id ack and version (1) from Monitor
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_server_init_new_connection] (0x0200): Entering.
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_server_init_new_connection] (0x0200): Adding connection 0x556b59a85950.
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_init_connection] (0x0400): Adding connection 0x556b59a85950
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_add_watch] (0x2000): 0x556b59a8f920/0x556b59a80e30 (18), -/W (disabled)
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] (0x4000): 0x556b59a8f920/0x556b59a7e380 (18), R/- (enabled)
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_server_init_new_connection] (0x0200): Got a connection
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [dp_client_init] (0x0100): Set-up Backend ID timeout [0x556b59a8ec30]
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Client with path /org/freedesktop/sssd/dataprovider
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_conn_register_path] (0x0400): Registering object path /org/freedesktop/sssd/dataprovider with D-Bus connection
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Properties with path /org/freedesktop/sssd/dataprovider
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Introspectable with path /org/freedesktop/sssd/dataprovider
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.dataprovider with path /org/freedesktop/sssd/dataprovider
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Backend with path /org/freedesktop/sssd/dataprovider
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Failover with path /org/freedesktop/sssd/dataprovider
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.AccessControl with path /org/freedesktop/sssd/dataprovider
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_dispatch] (0x4000): dbus conn: 0x556b59a85950
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] (0x4000): 0x556b59a8f920/0x556b59a7e380 (18), R/- (disabled)
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] (0x4000): 0x556b59a8f920/0x556b59a80e30 (18), -/W (enabled)
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] (0x4000): 0x556b59a8f920/0x556b59a7e380 (18), R/- (enabled)
(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] (0x4000): 0x556b59a8f920/0x556b59a80e30 (18), -/W (disabled)
Unable to initialize STARTTLS session
Hi,
SSSD is calling ipa-getkeytab here; does it work if you call ipa-getkeytab manually? Please make sure you use the '--retrieve' option to not override existing keys.
The STARTTLS might indicate issues with certificates. Have you checked if maybe a related certificate is expired?
bye, Sumit
Failed to bind to server!
Failed to get keytab
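
The manual check suggested in the reply can be derived from the log itself. The following is an added example, not part of the original thread and not SSSD or FreeIPA code: it pulls the parameters out of the `ipa_getkeytab_send` entry and builds an equivalent `ipa-getkeytab --retrieve` command line. Assumptions: the function names, the scratch keytab path and the use of `KRB5CCNAME` to point at the ccache named in the log are illustrative choices; the sample log is constructed from entries quoted above.

```python
import re
import shlex

# Constructed sample: entries modelled on the SSSD backend log quoted in this
# thread, run together on one line as they appear in the list archive.
SAMPLE_LOG = (
    "(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] "
    "[ipa_server_trusted_dom_setup_1way] (0x0400): Will re-fetch keytab for domain.edu "
    "(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [ipa_getkeytab_send] (0x0400): "
    "Retrieving keytab for IPA$@DOMAIN.EDU from test.ipa.domain.edu into "
    "/var/lib/sss/keytabs/domain.edu.keytabDHvyo4 using ccache "
    "/var/lib/sss/db/ccache_ipa.domain.edu "
    "(Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_dispatch] (0x4000): "
    "dbus conn: 0x556b59a5db00 Unable to initialize STARTTLS session"
)

# Matches the keytab retrieval entry wherever it sits in the text, so it works
# on both one-entry-per-line logs and run-together archive copies.
RETRIEVE_RE = re.compile(
    r"\[ipa_getkeytab_send\] \(0x[0-9a-f]+\): Retrieving keytab for (?P<principal>\S+) "
    r"from (?P<server>\S+) into (?P<keytab>\S+) using ccache (?P<ccache>\S+)"
)

# Error strings from the helper process, as quoted in this thread.
ERRORS = (
    "Unable to initialize STARTTLS session",
    "Failed to bind to server!",
    "Failed to get keytab",
)


def parse_retrievals(log_text):
    """Return one dict (principal, server, keytab, ccache) per retrieval attempt."""
    return [m.groupdict() for m in RETRIEVE_RE.finditer(log_text)]


def manual_command(entry, scratch_keytab="/root/getkeytab-test.keytab"):
    """Build a shell command that repeats the retrieval by hand.

    --retrieve fetches the existing keys instead of generating new ones, and the
    output goes to a scratch file (hypothetical path, root-only directory) so the
    keytab SSSD uses is never touched.
    """
    argv = ["ipa-getkeytab", "--retrieve", "--server", entry["server"],
            "--principal", entry["principal"], "--keytab", scratch_keytab]
    env = "KRB5CCNAME=" + shlex.quote("FILE:" + entry["ccache"])
    # shlex.quote protects the '$' in the trust principal from shell expansion.
    return env + " " + " ".join(shlex.quote(a) for a in argv)


def errors_seen(log_text):
    """List which of the known helper errors appear in the log text."""
    return [e for e in ERRORS if e in log_text]
```

If the command fails by hand with the same STARTTLS message, the problem is reproducible outside SSSD and the certificate check from the reply is the next step. Remove the scratch keytab afterwards, since it holds the trust account's keys.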