Mike Conner via FreeIPA-users wrote: > The following is a portion of the sssd log on the client reflecting the same > inability to retrieve keytab: > *** > (Fri Feb 12 10:11:54 2021) [sssd[be[ipa.domain.edu]]] [sss_domain_get_state] > (0x1000): Domain domain.edu is Active > (Fri Feb 12 10:11:54 2021) [sssd[be[ipa.domain.edu]]] > [ipa_server_trusted_dom_setup_send] (0x1000): Trust direction of subdom > domain.edu from forest domain.edu is: one-way inbound: local domain trusts > the remote domain > (Fri Feb 12 10:11:54 2021) [sssd[be[ipa.domain.edu]]] > [ipa_server_trusted_dom_setup_1way] (0x0400): Will re-fetch keytab for > domain.edu > (Fri Feb 12 10:11:54 2021) [sssd[be[ipa.domain.edu]]] [ipa_getkeytab_send] > (0x0400): Retrieving keytab for [email protected] from test.ipa.domain.edu into > /var/lib/sss/keytabs/domain.edu.keytabENwf67 using ccache > /var/lib/sss/db/ccache_IPA.DOMAIN.EDU > (Fri Feb 12 10:11:54 2021) [sssd[be[ipa.domain.edu]]] [child_handler_setup] > (0x2000): Setting up signal handler up for pid [88300] > (Fri Feb 12 10:11:54 2021) [sssd[be[ipa.domain.edu]]] [child_handler_setup] > (0x2000): Signal handler set up for pid [88300] > (Fri Feb 12 10:11:54 2021) [sssd[be[ipa.domain.edu]]] [sbus_dispatch] > (0x4000): dbus conn: 0x5578611b8b00 > (Fri Feb 12 10:11:54 2021) [sssd[be[ipa.domain.edu]]] [sbus_dispatch] > (0x4000): dbus conn: 0x5578611b8b00 > (Fri Feb 12 10:11:54 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] > (0x4000): 0x55786117b780/0x5578611b8700 (14), R/- (disabled) > (Fri Feb 12 10:11:54 2021) [sssd[be[ipa.domain.edu]]] [sbus_toggle_watch] > (0x4000): 0x55786117b780/0x5578611b86b0 (14), -/W (enabled) > *** > > At the same time, the errors log on the IPA server > (/var/log/dirsrv/slapd_IPA-DOMAIN-EDU/errors) does not log any errors (TLS or > otherwise): > *** > [12/Feb/2021:10:08:10.990268019 -0600] - INFO - slapd_daemon - slapd started. > Listening on All Interfaces port 389 for LDAP requests > [12/Feb/2021:10:08:10.992126928 -0600] - INFO - slapd_daemon - Listening on > All Interfaces port 636 for LDAPS requests > [12/Feb/2021:10:08:10.993036367 -0600] - INFO - slapd_daemon - Listening on > /var/run/slapd-IPA-DOMAIN-EDU.socket for LDAPI requests > [12/Feb/2021:10:08:11.058722880 -0600] - ERR - schema-compat-plugin - > schema-compat-plugin tree scan will start in about 5 seconds! > [12/Feb/2021:10:08:16.148838179 -0600] - ERR - schema-compat-plugin - > warning: no entries set up under cn=computers, > cn=compat,dc=ipa,dc=domain,dc=edu > [12/Feb/2021:10:08:16.150531968 -0600] - ERR - schema-compat-plugin - > Finished plugin initialization. > ***
LDAP connections are not logged in errors. You need to look in access. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
