On Thu, Feb 11, 2021 at 10:20:45PM -0000, Mike Conner via FreeIPA-users wrote: > This additional bit from the logs indicates a failure to retireve a keytab: > **** > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [main] (0x0400): > Backend provider (ipa.domain.edu) started! > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sss_domain_get_state] > (0x1000): Domain domain.edu is Active > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] > [ipa_server_trusted_dom_setup_send] (0x1000): Trust direction of subdom > domain.edu from forest domain.edu is: one-way inbound: local domain trusts > the remote domain > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] > [ipa_server_trusted_dom_setup_1way] (0x0400): Will re-fetch keytab for > domain.edu > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [ipa_getkeytab_send] > (0x0400): Retrieving keytab for [email protected] from test.ipa.domain.edu into > /var/lib/sss/keytabs/domain.edu.keytabDHvyo4 using ccache > /var/lib/sss/db/ccache_ipa.domain.edu > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [child_handler_setup] > (0x2000): Setting up signal handler up for pid [80814] > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [child_handler_setup] > (0x2000): Signal handler set up for pid [80814] > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_dispatch] > (0x4000): dbus conn: 0x556b59a5db00 > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_dispatch] > (0x4000): dbus conn: 0x556b59a5db00 > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] > (0x4000): 0x556b59a20780/0x556b59a5d700 (14), R/- (disabled) > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] > (0x4000): 0x556b59a20780/0x556b59a5d6b0 (14), -/W (enabled) > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] > (0x4000): 0x556b59a20780/0x556b59a5d700 (14), R/- (enabled) > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] > (0x4000): 0x556b59a20780/0x556b59a5d6b0 (14), -/W (disabled) > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] > (0x4000): 0x556b59a20780/0x556b59a5d700 (14), R/- (disabled) > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] > (0x4000): 0x556b59a20780/0x556b59a5d6b0 (14), -/W (enabled) > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] > (0x4000): 0x556b59a20780/0x556b59a5d700 (14), R/- (enabled) > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] > (0x4000): 0x556b59a20780/0x556b59a5d6b0 (14), -/W (disabled) > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_remove_timeout] > (0x2000): 0x556b59a5e9c0 > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_dispatch] > (0x4000): dbus conn: 0x556b59a5db00 > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_dispatch] > (0x4000): Dispatching. > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [id_callback] (0x0100): > Got id ack and version (1) from Monitor > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] > [sbus_server_init_new_connection] (0x0200): Entering. > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] > [sbus_server_init_new_connection] (0x0200): Adding connection 0x556b59a85950. > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_init_connection] > (0x0400): Adding connection 0x556b59a85950 > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_add_watch] > (0x2000): 0x556b59a8f920/0x556b59a80e30 (18), -/W (disabled) > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] > (0x4000): 0x556b59a8f920/0x556b59a7e380 (18), R/- (enabled) > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] > [sbus_server_init_new_connection] (0x0200): Got a connection > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [dp_client_init] > (0x0100): Set-up Backend ID timeout [0x556b59a8ec30] > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] > [sbus_opath_hash_add_iface] (0x0400): Registering interface > org.freedesktop.sssd.DataProvider.Client with path > /org/freedesktop/sssd/dataprovider > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] > [sbus_conn_register_path] (0x0400): Registering object path > /org/freedesktop/sssd/dataprovider with D-Bus connection > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] > [sbus_opath_hash_add_iface] (0x0400): Registering interface > org.freedesktop.DBus.Properties with path /org/freedesktop/sssd/dataprovider > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] > [sbus_opath_hash_add_iface] (0x0400): Registering interface > org.freedesktop.DBus.Introspectable with path > /org/freedesktop/sssd/dataprovider > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] > [sbus_opath_hash_add_iface] (0x0400): Registering interface > org.freedesktop.sssd.dataprovider with path /org/freedesktop/sssd/dataprovider > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] > [sbus_opath_hash_add_iface] (0x0400): Registering interface > org.freedesktop.sssd.DataProvider.Backend with path > /org/freedesktop/sssd/dataprovider > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] > [sbus_opath_hash_add_iface] (0x0400): Registering interface > org.freedesktop.sssd.DataProvider.Failover with path > /org/freedesktop/sssd/dataprovider > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] > [sbus_opath_hash_add_iface] (0x0400): Registering interface > org.freedesktop.sssd.DataProvider.AccessControl with path > /org/freedesktop/sssd/dataprovider > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_dispatch] > (0x4000): dbus conn: 0x556b59a85950 > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] > (0x4000): 0x556b59a8f920/0x556b59a7e380 (18), R/- (disabled) > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] > (0x4000): 0x556b59a8f920/0x556b59a80e30 (18), -/W (enabled) > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] > (0x4000): 0x556b59a8f920/0x556b59a7e380 (18), R/- (enabled) > (Thu Feb 11 15:45:13 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] > (0x4000): 0x556b59a8f920/0x556b59a80e30 (18), -/W (disabled) > Unable to initialize STARTTLS session
Hi, SSSD is calling ipa-getkeytab here, does it work if you call ipa-getkeytab manually? Please make sure you use the '--retrieve' option to not override existing keys. The STARTTLS might indicate issues with certificates. Have you check if maybe a related certificate is expired? bye, Sumit > Failed to bind to server! > Failed to get keytab > *** > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
