Hi Sumit,
Ok please let me know which debug level I should be on and I will send you everything
privately.
Thanks for the effort.
Ondrej
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Sumit Bose
Sent: Friday, September 25, 2015 12:01 PM
To: End-user discussions about the System Security Services Daemon
<sssd-users(a)lists.fedorahosted.org>
Subject: Re: [SSSD-users] Problem authenticating user
On Fri, Sep 25, 2015 at 10:30:51AM +0000, Ondrej Valousek wrote:
> Here is the krb5_child.log:
>
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]]
> [sss_child_krb5_trace_cb] (0x4000): [27674] 1443100456.917796: TGS
> request result: 0/Success
>
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]]
> [sss_child_krb5_trace_cb] (0x4000): [27674] 1443100456.917822:
> Received creds for desired service
> host/nitrogen.dublin.ad.s3group.com(a)DUBLIN.AD.S3GROUP.COM
>
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]]
> [sss_child_krb5_trace_cb] (0x4000): [27674] 1443100456.917850:
> Removing ondrejv(a)DUBLIN.AD.S3GROUP.COM ->
> host/nitrogen.dublin.ad.s3group.com(a)DUBLIN.AD.S3GROUP.COM from
> MEMORY:rtAZ4cX
>
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]]
> [sss_child_krb5_trace_cb] (0x4000): [27674] 1443100456.917878: Storing
> ondrejv(a)DUBLIN.AD.S3GROUP.COM ->
> host/nitrogen.dublin.ad.s3group.com(a)DUBLIN.AD.S3GROUP.COM in
> MEMORY:rtAZ4cX
>
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]]
> [sss_child_krb5_trace_cb] (0x4000): [27674] 1443100456.917924:
> Creating authenticator for ondrejv(a)DUBLIN.AD.S3GROUP.COM ->
> host/nitrogen.dublin.ad.s3group.com(a)DUBLIN.AD.S3GROUP.COM, seqnum 0,
> subkey (null), session key rc4-hmac/E2F3
>
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]]
> [sss_child_krb5_trace_cb] (0x4000): [27674] 1443100456.918003:
> Retrieving host/nitrogen.dublin.ad.s3group.com(a)DUBLIN.AD.S3GROUP.COM
> from FILE:/etc/krb5.keytab (vno 59, enctype rc4-hmac) with result:
> 0/Success
>
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]]
> [sss_child_krb5_trace_cb] (0x4000): [27674] 1443100456.918061:
> Decrypted AP-REQ with specified server principal
> host/nitrogen.dublin.ad.s3group.com(a)DUBLIN.AD.S3GROUP.COM:
> rc4-hmac/0336
>
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]]
> [sss_child_krb5_trace_cb] (0x4000): [27674] 1443100456.918092: AP-REQ
> ticket: ondrejv(a)DUBLIN.AD.S3GROUP.COM ->
> host/nitrogen.dublin.ad.s3group.com(a)DUBLIN.AD.S3GROUP.COM, session key
> rc4-hmac/E2F3
>
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]]
> [sss_child_krb5_trace_cb] (0x4000): [27674] 1443100456.918267:
> Negotiated enctype based on authenticator: rc4-hmac
>
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]]
> [sss_child_krb5_trace_cb] (0x4000): [27674] 1443100456.918299:
> Initializing MEMORY:rd_req2 with default princ
> ondrejv(a)DUBLIN.AD.S3GROUP.COM
>
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]]
> [sss_child_krb5_trace_cb] (0x4000): [27674] 1443100456.918330:
> Removing ondrejv(a)DUBLIN.AD.S3GROUP.COM ->
> host/nitrogen.dublin.ad.s3group.com(a)DUBLIN.AD.S3GROUP.COM from
> MEMORY:rd_req2
>
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]]
> [sss_child_krb5_trace_cb] (0x4000): [27674] 1443100456.918357: Storing
> ondrejv(a)DUBLIN.AD.S3GROUP.COM ->
> host/nitrogen.dublin.ad.s3group.com(a)DUBLIN.AD.S3GROUP.COM in
> MEMORY:rd_req2
>
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]]
> [sss_child_krb5_trace_cb] (0x4000): [27674] 1443100456.918390:
> Destroying ccache MEMORY:rtAZ4cX
>
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]] [validate_tgt] (0x0400): TGT
verified using key for [host/nitrogen.dublin.ad.s3group.com(a)DUBLIN.AD.S3GROUP.COM].
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]]
> [sss_child_krb5_trace_cb] (0x4000): [27674] 1443100456.918470:
> Retrieving ondrejv(a)DUBLIN.AD.S3GROUP.COM ->
> host/nitrogen.dublin.ad.s3group.com(a)DUBLIN.AD.S3GROUP.COM from
> MEMORY:rd_req2 with result: 0/Success
>
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]]
> [sss_child_krb5_trace_cb] (0x4000): [27674] 1443100456.918565:
> Retrieving host/nitrogen.dublin.ad.s3group.com(a)DUBLIN.AD.S3GROUP.COM
> from FILE:/etc/krb5.keytab (vno 59, enctype rc4-hmac) with result:
> 0/Success
>
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]] [sss_send_pac] (0x0040):
sss_pac_make_request failed [-1][2].
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]] [validate_tgt] (0x0040):
sss_send_pac failed, group membership for user with principal
[ondrejv\@DUBLIN.AD.S3GROUP.COM(a)DUBLIN.AD.S3GROUP.COM] might not be correct.
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]]
> [sss_child_krb5_trace_cb] (0x4000): [27674] 1443100456.918705:
> Destroying ccache MEMORY:rd_req2
>
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]] [become_user] (0x0200):
Trying to become user [14019][10000].
> (Thu Sep 24 14:14:16 2015) [[sssd[krb5_child[27674]]]]
> [sss_get_ccache_name_for_principal] (0x4000): Location:
> [KEYRING:persistent:14019] (Thu Sep 24 14:14:16 2015)
> [[sssd[krb5_child[27674]]]] [sss_get_ccache_name_for_principal]
> (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client
> principal ondrejv(a)DUBLIN.AD.S3GROUP.COM in cache collection]
>
> Not sure if it helps.
I'm sorry, but it does not help. Both messages about 'sss_pac_make_request
failed' and 'Can't find client principal' will not cause the
authentication to fail. So more log data is needed here. As said, feel free to send the
full logs to me directly.
bye,
Sumit
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
-----
The information contained in this e-mail and in any attachments is confidential and is
designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users