7:33 a.m.
sssd version 1.15.0 running on Ubuntu Xenial.
In my setup sssd is not automatically refreshing computer account tickets after 30 days,
for some reason.
I found te msktutil package, which has a cron job which runs msktutil --auto-update each
day.
So far so good.
However msktutil --auto-update fails but msktutil --update works OK.
Can anyone drop me a hint please why this might be so?
Snippets from the verbose output below.
/usr/sbin/msktutil --verbose --auto-update
-- get_default_keytab: Obtaining the default keytab name: FILE:/etc/krb5.keytab
-- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-V1URdr
-- reload: Reloading Kerberos Context
-- finalize_exec: SAM Account Name is: and$
-- try_machine_keytab_princ: Trying to authenticate for and$ from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Preauthentication
failed)
-- try_machine_keytab_princ: Authentication with keytab failed
/usr/sbin/msktutil --verbose --update
-- get_default_keytab: Obtaining the default keytab name: FILE:/etc/krb5.keytab
-- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-QXmuHN
-- reload: Reloading Kerberos Context
-- finalize_exec: SAM Account Name is: and$
-- try_machine_keytab_princ: Trying to authenticate for and$ from local keytab...
-- switch_default_ccache: Using the local credential cache:
FILE:/tmp/.mskt_krb5_ccache-ZChBdy
-- finalize_exec: Authenticated using method 1
8:16 a.m.
On Fri, Jun 08, 2018 at 12:33:05PM +0000, JOHE (John Hearns) wrote:
sssd version 1.15.0 running on Ubuntu Xenial.
In my setup sssd is not automatically refreshing computer account tickets after 30 days,
for some reason.
Do you have any logs? With debug_level=7 or higher the logs should
contains the adcli debug output which might help to understand why it
failed?
I found te msktutil package, which has a cron job which runs msktutil --auto-update each
day.
So far so good.
However msktutil --auto-update fails but msktutil --update works OK.
Can anyone drop me a hint please why this might be so?
Snippets from the verbose output below.
/usr/sbin/msktutil --verbose --auto-update
-- get_default_keytab: Obtaining the default keytab name: FILE:/etc/krb5.keytab
-- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-V1URdr
-- reload: Reloading Kerberos Context
-- finalize_exec: SAM Account Name is: and$
-- try_machine_keytab_princ: Trying to authenticate for and$ from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Preauthentication
failed)
This is the typical error code for wrong password/wrong key. Maybe you
can run both commands with
KRB5_TRACE=/dev/stdout /usr/sbin/msktutil ...
to see if there is any difference?
HTH
bye,
Sumit
-- try_machine_keytab_princ: Authentication with keytab failed
/usr/sbin/msktutil --verbose --update
-- get_default_keytab: Obtaining the default keytab name: FILE:/etc/krb5.keytab
-- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-QXmuHN
-- reload: Reloading Kerberos Context
-- finalize_exec: SAM Account Name is: and$
-- try_machine_keytab_princ: Trying to authenticate for and$ from local keytab...
-- switch_default_ccache: Using the local credential cache:
FILE:/tmp/.mskt_krb5_ccache-ZChBdy
-- finalize_exec: Authenticated using method 1
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahost...
8:24 a.m.
On Fri, Jun 08, 2018 at 12:33:05PM +0000, JOHE (John Hearns) wrote:
sssd version 1.15.0 running on Ubuntu Xenial.
In my setup sssd is not automatically refreshing computer account tickets after 30 days,
for some reason.
Does the machine that is not refreshing the tickets have adcli
installed?
I found te msktutil package, which has a cron job which runs msktutil --auto-update each
day.
So far so good.
However msktutil --auto-update fails but msktutil --update works OK.
Can anyone drop me a hint please why this might be so?
Snippets from the verbose output below.
/usr/sbin/msktutil --verbose --auto-update
-- get_default_keytab: Obtaining the default keytab name: FILE:/etc/krb5.keytab
-- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-V1URdr
-- reload: Reloading Kerberos Context
-- finalize_exec: SAM Account Name is: and$
-- try_machine_keytab_princ: Trying to authenticate for and$ from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Preauthentication
failed)
-- try_machine_keytab_princ: Authentication with keytab failed
/usr/sbin/msktutil --verbose --update
-- get_default_keytab: Obtaining the default keytab name: FILE:/etc/krb5.keytab
-- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-QXmuHN
-- reload: Reloading Kerberos Context
-- finalize_exec: SAM Account Name is: and$
-- try_machine_keytab_princ: Trying to authenticate for and$ from local keytab...
-- switch_default_ccache: Using the local credential cache:
FILE:/tmp/.mskt_krb5_ccache-ZChBdy
-- finalize_exec: Authenticated using method 1
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahost...
2143
days inactive
2143
days old
sssd-users@lists.fedorahosted.org
2 comments
3 participants
participants (3)
-
Jakub Hrozek -
JOHE (John Hearns) -
Sumit Bose