On 03/30/2015 01:55 AM, Jakub Hrozek wrote:
On Fri, Mar 27, 2015 at 10:09:43PM +0100, Lukas Slebodnik wrote:
> On (27/03/15 14:01), Orion Poplawski wrote:
>> (Fri Mar 27 13:51:43 2015) [sssd[be[nwra.com]]] [be_pam_handler_callback]
>> (0x0100): Backend returned: (0, 4, <NULL>) [Success]
> I know that you fixed your problem, but pam error code 4 (System error)
> should not happend in sssd It means some serious problem.
>
> It can be related to the pevious debug message "krb5_auth_recv request
failed."
>
> Could you provide domain log file and krb5_child.log with enabled verbose
> logging? (put debug_level = 0xfff0 into domain section.
Yes, in addition, it would be nice to see the output of
KRB5_TRACE=/dev/stderr kinit -E -C orion(a)ad.nwra.com
Also, the UPN attribute of your user is really "Orion Poplawski(a)AD.NWRA.COM" ?
A mistake in an AD update set it to that. Obviously it should be
orion(a)AD.NWRA.COM, and is fixed now. Do you still want the kinit trace
for this configuration error?
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion(a)cora.nwra.com
Boulder, CO 80301
http://www.cora.nwra.com