Hi All,
Last week I bound my computer to our local windows domain. As of today I started receiving Authentication errors:
Debug_Log = 7
(Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_req_set_domain] (0x0400): Changing request domain from [petermac.org.au] to [petermac.org.au] (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_pam_handler] (0x0100): Got request with the following data (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): domain: petermac.org.au (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): user: Ellul Jason (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): service: su-l (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): tty: pts/2 (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): ruser: jellul (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): rhost: (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): authtok type: 1 (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): newauthtok type: 0 (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): priv: 0 (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): cli_pid: 6067 (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [pam_print_data] (0x0100): logon name: not set (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [krb5_auth_queue_send] (0x1000): Wait queue of user [Ellul Jason] is empty, running request [0x555f73e8b420] immediately. (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [sysdb_search_override_by_name] (0x0400): No user override found for name [Ellul Jason]. (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [krb5_auth_prepare_ccache_name] (0x1000): No ccache file for user [Ellul Jason] found. (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [get_server_status] (0x1000): Status of server 'pmc-dc2.petermac.org.au' is 'working' (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [get_port_status] (0x1000): Port status of port 389 for server 'pmc-dc2.petermac.org.au' is 'working' (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [get_server_status] (0x1000): Status of server 'pmc-dc2.petermac.org.au' is 'working' (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_resolve_server_process] (0x1000): Saving the first resolved server (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_resolve_server_process] (0x0200): Found address for server pmc-dc2.petermac.org.au: [172.23.8.18] TTL 3600 (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://pmc-dc2.petermac.org.au' (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://pmc-dc2.petermac.org.au' (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [write_pipe_handler] (0x0400): All data has been sent! (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [main] (0x0400): krb5_child started. (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [unpack_buffer] (0x1000): total buffer size: [136] (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [unpack_buffer] (0x0100): cmd [241] uid [1501] gid [1501] validate [true] enterprise principal [true] offline [false] UPN [Ellul Jason@PETERMAC.ORG.AU] (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:1501] old_ccname: [not set] keytab: [/etc/krb5.keytab] (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [check_use_fast] (0x0100): Not using FAST. (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [become_user] (0x0200): Trying to become user [1501][1501]. (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment. (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment. (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true] (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [main] (0x0400): Will perform online auth (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [tgt_req_child] (0x1000): Attempting to get a TGT (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [PETERMAC.ORG.AU] (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [validate_tgt] (0x0020): TGT failed verification using key for [LA35185$@PETERMAC.ORG.AU]. (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [get_and_save_tgt] (0x0020): 1240: [-1765328340][Cannot find key for LA35185$@PETERMAC.ORG.AU kvno 3 in keytab] (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [map_krb5_error] (0x0020): 1301: [-1765328340][Cannot find key for LA35185$@PETERMAC.ORG.AU kvno 3 in keytab] (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [k5c_send_data] (0x0200): Received error code 1432158209 (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [main] (0x0400): krb5_child completed successfully (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [read_pipe_handler] (0x0400): EOF received, client finished (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [parse_krb5_child_response] (0x1000): child response [1432158209][6][8]. (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [check_wait_queue] (0x1000): Wait queue for user [Ellul Jason] is empty. (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x555f73e8b420] done. (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>) [Success] (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_pam_handler_callback] (0x0100): Sending result [4][petermac.org.au] (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_pam_handler_callback] (0x0100): Sent result [4][petermac.org.au] (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [child_sig_handler] (0x1000): Waiting for child [6572]. (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [child_sig_handler] (0x0100): child [6572] finished successfully. (Mon May 23 17:18:58 2016) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [4 (System error)][petermac.org.au] (Mon May 23 17:18:58 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error. (Mon May 23 17:18:58 2016) [sssd[pam]] [pam_reply] (0x0200): blen: 32 (Mon May 23 17:18:58 2016) [sssd[pam]] [client_recv] (0x0200): Client disconnected! (Mon May 23 17:18:59 2016) [sssd[nss]] [client_recv] (0x0200): Client disconnected! (Mon May 23 17:20:10 2016) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
and
[root@la35185 jellul]# klist -k -t /etc/krb5.keytab Keytab name: FILE:/etc/krb5.keytab KVNO Timestamp Principal ---- ----------------- -------------------------------------------------------- 2 23/05/16 12:55:53 LA35185$@PETERMAC.ORG.AU 2 23/05/16 12:55:53 LA35185$@PETERMAC.ORG.AU 2 23/05/16 12:55:53 LA35185$@PETERMAC.ORG.AU 2 23/05/16 12:55:53 LA35185$@PETERMAC.ORG.AU 2 23/05/16 12:55:53 LA35185$@PETERMAC.ORG.AU 2 23/05/16 12:55:53 HOST/LA35185@PETERMAC.ORG.AU 2 23/05/16 12:55:53 HOST/LA35185@PETERMAC.ORG.AU 2 23/05/16 12:55:53 HOST/LA35185@PETERMAC.ORG.AU 2 23/05/16 12:55:53 HOST/LA35185@PETERMAC.ORG.AU 2 23/05/16 12:55:53 HOST/LA35185@PETERMAC.ORG.AU 2 23/05/16 12:55:53 HOST/la35185.petermac.org.au@PETERMAC.ORG.AU 2 23/05/16 12:55:53 HOST/la35185.petermac.org.au@PETERMAC.ORG.AU 2 23/05/16 12:55:53 HOST/la35185.petermac.org.au@PETERMAC.ORG.AU 2 23/05/16 12:55:53 HOST/la35185.petermac.org.au@PETERMAC.ORG.AU 2 23/05/16 12:55:53 HOST/la35185.petermac.org.au@PETERMAC.ORG.AU 2 23/05/16 12:55:53 RestrictedKrbHost/LA35185@PETERMAC.ORG.AU 2 23/05/16 12:55:53 RestrictedKrbHost/LA35185@PETERMAC.ORG.AU 2 23/05/16 12:55:53 RestrictedKrbHost/LA35185@PETERMAC.ORG.AU 2 23/05/16 12:55:53 RestrictedKrbHost/LA35185@PETERMAC.ORG.AU 2 23/05/16 12:55:53 RestrictedKrbHost/LA35185@PETERMAC.ORG.AU 2 23/05/16 12:55:53 RestrictedKrbHost/la35185.petermac.org.au@PETERMAC.ORG.AU 2 23/05/16 12:55:54 RestrictedKrbHost/la35185.petermac.org.au@PETERMAC.ORG.AU 2 23/05/16 12:55:54 RestrictedKrbHost/la35185.petermac.org.au@PETERMAC.ORG.AU 2 23/05/16 12:55:54 RestrictedKrbHost/la35185.petermac.org.au@PETERMAC.ORG.AU 2 23/05/16 12:55:54 RestrictedKrbHost/la35185.petermac.org.au@PETERMAC.ORG.AU
Any help you could provide would be greatly appreciated.
Many thanks
Jason
sssd-users@lists.fedorahosted.org
-
Jason Ellul