Hi all,
I am trying to use the AD provider in order to connect a client to our
Active Directory. I have to mention that our DNS setup is somewhat
broken, so reverse lookups do not work by default.
When I now try to connect, with reverse lookups not working, I get an error:
...
(Mon Aug 12 14:40:08 2013) [sssd[be[D.ETHZ.CH]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
(Mon Aug 12 14:40:08 2013) [sssd[be[D.ETHZ.CH]]] [get_server_status] (0x1000): Status of server 'novo.d.ethz.ch' is 'name resolved'
(Mon Aug 12 14:40:08 2013) [sssd[be[D.ETHZ.CH]]] [be_resolve_server_process] (0x1000): Saving the first resolved server
(Mon Aug 12 14:40:08 2013) [sssd[be[D.ETHZ.CH]]] [be_resolve_server_process] (0x0200): Found address for server novo.d.ethz.ch: [172.31.65.60] TTL 938
(Mon Aug 12 14:40:08 2013) [sssd[be[D.ETHZ.CH]]] [sdap_kinit_kdc_resolved] (0x1000): KDC resolved, attempting to get TGT...
(Mon Aug 12 14:40:08 2013) [sssd[be[D.ETHZ.CH]]] [create_tgt_req_send_buffer] (0x1000): buffer size: 43
(Mon Aug 12 14:40:08 2013) [sssd[be[D.ETHZ.CH]]] [set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child
(Mon Aug 12 14:40:08 2013) [sssd[be[D.ETHZ.CH]]] [write_pipe_handler] (0x0400): All data has been sent!
(Mon Aug 12 14:40:08 2013) [[sssd[ldap_child[1917]]]] [main] (0x0400): ldap_child started.
(Mon Aug 12 14:40:08 2013) [[sssd[ldap_child[1917]]]] [unpack_buffer] (0x1000): total buffer size: 43
(Mon Aug 12 14:40:08 2013) [[sssd[ldap_child[1917]]]] [unpack_buffer] (0x1000): realm_str size: 9
(Mon Aug 12 14:40:08 2013) [[sssd[ldap_child[1917]]]] [unpack_buffer] (0x1000): got realm_str: D.ETHZ.CH
(Mon Aug 12 14:40:08 2013) [[sssd[ldap_child[1917]]]] [unpack_buffer] (0x1000): princ_str size: 18
(Mon Aug 12 14:40:08 2013) [[sssd[ldap_child[1917]]]] [unpack_buffer] (0x1000): got princ_str: ldapmap1/d.ethz.ch
(Mon Aug 12 14:40:08 2013) [[sssd[ldap_child[1917]]]] [unpack_buffer] (0x1000): keytab_name size: 0
(Mon Aug 12 14:40:08 2013) [[sssd[ldap_child[1917]]]] [unpack_buffer] (0x1000): lifetime: 86400
(Mon Aug 12 14:40:08 2013) [[sssd[ldap_child[1917]]]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [ldapmap1/d.ethz.ch@D.ETHZ.CH]
(Mon Aug 12 14:40:08 2013) [[sssd[ldap_child[1917]]]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [default]
(Mon Aug 12 14:40:08 2013) [[sssd[ldap_child[1917]]]] [prepare_response] (0x0400): Building response for result [0]
(Mon Aug 12 14:40:08 2013) [[sssd[ldap_child[1917]]]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [37] msg [FILE:/var/lib/sss/db/ccache_D.ETHZ.CH]
(Mon Aug 12 14:40:08 2013) [[sssd[ldap_child[1917]]]] [main] (0x0400): ldap_child completed successfully
(Mon Aug 12 14:40:08 2013) [sssd[be[D.ETHZ.CH]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Mon Aug 12 14:40:08 2013) [sssd[be[D.ETHZ.CH]]] [sdap_get_tgt_recv] (0x0400): Child responded: 0 [FILE:/var/lib/sss/db/ccache_D.ETHZ.CH], expired on [1376347208]
(Mon Aug 12 14:40:08 2013) [sssd[be[D.ETHZ.CH]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900
(Mon Aug 12 14:40:08 2013) [sssd[be[D.ETHZ.CH]]] [sdap_cli_auth_step] (0x1000): the connection will expire at 1376312108
(Mon Aug 12 14:40:08 2013) [sssd[be[D.ETHZ.CH]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: ldapmap1/d.ethz.ch
(Mon Aug 12 14:40:08 2013) [sssd[be[D.ETHZ.CH]]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error]
(Mon Aug 12 14:40:08 2013) [sssd[be[D.ETHZ.CH]]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)]
...
Any idea why this might happen?
Greets
Marcus