Hi All,
Last week I bound my computer to our local windows domain. As of today I started receiving
Authentication errors:
Debug_Log = 7
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_req_set_domain] (0x0400):
Changing request domain from [petermac.org.au] to [petermac.org.au]
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_pam_handler] (0x0100): Got
request with the following data
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): command:
SSS_PAM_AUTHENTICATE
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): domain:
petermac.org.au
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): user:
Ellul Jason
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): service:
su-l
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): tty:
pts/2
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): ruser:
jellul
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): rhost:
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): authtok
type: 1
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100):
newauthtok type: 0
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): priv: 0
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): cli_pid:
6067
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): logon
name: not set
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [krb5_auth_queue_send] (0x1000):
Wait queue of user [Ellul Jason] is empty, running request [0x555f73e8b420] immediately.
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [sysdb_search_override_by_name]
(0x0400): No user override found for name [Ellul Jason].
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [krb5_auth_prepare_ccache_name]
(0x1000): No ccache file for user [Ellul Jason] found.
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'AD'
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [get_server_status] (0x1000):
Status of server 'pmc-dc2.petermac.org.au' is 'working'
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [get_port_status] (0x1000): Port
status of port 389 for server 'pmc-dc2.petermac.org.au' is 'working'
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [resolve_srv_send] (0x0200): The
status of SRV lookup is resolved
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [get_server_status] (0x1000):
Status of server 'pmc-dc2.petermac.org.au' is 'working'
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_resolve_server_process]
(0x1000): Saving the first resolved server
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_resolve_server_process]
(0x0200): Found address for server pmc-dc2.petermac.org.au: [172.23.8.18] TTL 3600
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [ad_resolve_callback] (0x0100):
Constructed uri 'ldap://pmc-dc2.petermac.org.au'
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [ad_resolve_callback] (0x0100):
Constructed GC uri 'ldap://pmc-dc2.petermac.org.au'
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [write_pipe_handler] (0x0400): All
data has been sent!
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [main] (0x0400): krb5_child
started.
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [unpack_buffer] (0x1000): total
buffer size: [136]
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [unpack_buffer] (0x0100): cmd [241]
uid [1501] gid [1501] validate [true] enterprise principal [true] offline [false] UPN
[Ellul Jason(a)PETERMAC.ORG.AU]
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [unpack_buffer] (0x0100): ccname:
[KEYRING:persistent:1501] old_ccname: [not set] keytab: [/etc/krb5.keytab]
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [check_use_fast] (0x0100): Not using
FAST.
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [privileged_krb5_setup] (0x0080):
Cannot open the PAC responder socket
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [become_user] (0x0200): Trying to
become user [1501][1501].
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [set_lifetime_options] (0x0100):
Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [set_lifetime_options] (0x0100):
Cannot read [SSSD_KRB5_LIFETIME] from environment.
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [set_canonicalize_option] (0x0100):
SSSD_KRB5_CANONICALIZE is set to [true]
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [main] (0x0400): Will perform online
auth
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [tgt_req_child] (0x1000): Attempting
to get a TGT
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [get_and_save_tgt] (0x0400):
Attempting kinit for realm [PETERMAC.ORG.AU]
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [validate_tgt] (0x0020): TGT failed
verification using key for [LA35185$(a)PETERMAC.ORG.AU].
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [get_and_save_tgt] (0x0020): 1240:
[-1765328340][Cannot find key for LA35185$(a)PETERMAC.ORG.AU kvno 3 in keytab]
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [map_krb5_error] (0x0020): 1301:
[-1765328340][Cannot find key for LA35185$(a)PETERMAC.ORG.AU kvno 3 in keytab]
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [k5c_send_data] (0x0200): Received
error code 1432158209
(Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [main] (0x0400): krb5_child
completed successfully
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [read_pipe_handler] (0x0400): EOF
received, client finished
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [parse_krb5_child_response]
(0x1000): child response [1432158209][6][8].
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [check_wait_queue] (0x1000): Wait
queue for user [Ellul Jason] is empty.
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [krb5_auth_queue_done] (0x1000):
krb5_auth_queue request [0x555f73e8b420] done.
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_pam_handler_callback] (0x0100):
Backend returned: (0, 4, <NULL>) [Success]
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_pam_handler_callback] (0x0100):
Sending result [4][petermac.org.au]
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_pam_handler_callback] (0x0100):
Sent result [4][petermac.org.au]
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [child_sig_handler] (0x1000):
Waiting for child [6572].
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [child_sig_handler] (0x0100): child
[6572] finished successfully.
(Mon May 23 17:18:58 2016) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [4
(System error)][petermac.org.au]
(Mon May 23 17:18:58 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result
[4]: System error.
(Mon May 23 17:18:58 2016) [sssd[pam]] [pam_reply] (0x0200): blen: 32
(Mon May 23 17:18:58 2016) [sssd[pam]] [client_recv] (0x0200): Client disconnected!
(Mon May 23 17:18:59 2016) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
(Mon May 23 17:20:10 2016) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
and
[root@la35185 jellul]# klist -k -t /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
---- ----------------- --------------------------------------------------------
2 23/05/16 12:55:53 LA35185$(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 LA35185$(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 LA35185$(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 LA35185$(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 LA35185$(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 HOST/LA35185(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 HOST/LA35185(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 HOST/LA35185(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 HOST/LA35185(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 HOST/LA35185(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 HOST/la35185.petermac.org.au(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 HOST/la35185.petermac.org.au(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 HOST/la35185.petermac.org.au(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 HOST/la35185.petermac.org.au(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 HOST/la35185.petermac.org.au(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 RestrictedKrbHost/LA35185(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 RestrictedKrbHost/LA35185(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 RestrictedKrbHost/LA35185(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 RestrictedKrbHost/LA35185(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 RestrictedKrbHost/LA35185(a)PETERMAC.ORG.AU
2 23/05/16 12:55:53 RestrictedKrbHost/la35185.petermac.org.au(a)PETERMAC.ORG.AU
2 23/05/16 12:55:54 RestrictedKrbHost/la35185.petermac.org.au(a)PETERMAC.ORG.AU
2 23/05/16 12:55:54 RestrictedKrbHost/la35185.petermac.org.au(a)PETERMAC.ORG.AU
2 23/05/16 12:55:54 RestrictedKrbHost/la35185.petermac.org.au(a)PETERMAC.ORG.AU
2 23/05/16 12:55:54 RestrictedKrbHost/la35185.petermac.org.au(a)PETERMAC.ORG.AU
Any help you could provide would be greatly appreciated.
Many thanks
Jason