On Wed, May 11, 2022 at 12:14:56PM -0000, Damola Azeez via FreeIPA-users wrote:
> Hi,
>
> Output below

Hi,

thanks, so this is working as expected, SSSD's ldap_child basically does the same. Can you add 'debug_level = 9' to the [domain/...] section of sssd.conf, restart SSSD, try to look up some users and then send ldap_child.log?

bye,
Sumit

>
> KRB5_TRACE=/dev/stdout kinit -k 'host/epmtestapp.xxx@XXX'
> [90987] 1652261211.989907: Getting initial credentials for
> host/epmtestapp.xxx@XXX
> [90987] 1652261211.990289: Looked up etypes in keytab: aes256-cts, aes128-cts
> [90987] 1652261211.990325: Sending request (219 bytes) to XXX
> [90987] 1652261211.990466: Initiating TCP connection to stream
> 192.168.101.160:88
> [90987] 1652261211.990904: Sending TCP request to stream 192.168.101.160:88
> [90987] 1652261211.992858: Received answer from stream 192.168.101.160:88
> [90987] 1652261211.992904: Response was from master KDC
> [90987] 1652261211.992933: Received error from KDC: -1765328359/Additional
> pre-authentication required
> [90987] 1652261211.992961: Processing preauth types: 16, 136, 19, 147, 151,
> 2, 133
> [90987] 1652261211.992971: Selected etype info: etype aes256-cts, salt
> "XXXhostepmtestapp.xxx", params ""
> [90987] 1652261211.992979: Received cookie: MIT1
> [90987] 1652261211.993021: Retrieving host/epmtestapp.xxx@XXX from
> FILE:/etc/krb5.keytab (vno 0, enctype aes256-cts) with result: 0/Success
> [90987] 1652261211.993046: AS key obtained for encrypted timestamp:
> aes256-cts/C287
> [90987] 1652261211.993083: Encrypted timestamp (for 1652261211.993052): plain
> 301AA011180F32303232303531313039323635315AA10502030F271C, encrypted
> 08289D768F7FF06911527C7B951D405E1893E39B351717C87677C41E4F0B94647EDDB9F9D1573414F7AE95F7C817D3B9188128CC3F960FA1
> [90987] 1652261211.993100: Preauth module encrypted_timestamp (2) (flags=1)
> returned: 0/Success
> [90987] 1652261211.993106: Produced preauth for next request: 133, 2
> [90987] 1652261211.993126: Sending request (454 bytes) to XXX
> [90987] 1652261211.993171: Initiating TCP connection to stream
> 192.168.101.160:88
> [90987] 1652261211.993340: Sending TCP request to stream 192.168.101.160:88
> [90987] 1652261211.995463: Received answer from stream 192.168.101.160:88
> [90987] 1652261211.995509: Response was from master KDC
> [90987] 1652261211.995543: Processing preauth types: 19
> [90987] 1652261211.995553: Selected etype info: etype aes256-cts, salt
> "XXXhostepmtestapp.xxx", params ""
> [90987] 1652261211.995561: Produced preauth for next request: (empty)
> [90987] 1652261211.995572: AS key determined by preauth: aes256-cts/C287
> [90987] 1652261211.995605: Decrypted AS reply; session key is: aes256-cts/D2C2
> [90987] 1652261211.995630: FAST negotiation: available
> [90987] 1652261211.995656: Initializing FILE:/tmp/krb5cc_0 with default princ
> host/epmtestapp.xxx@XXX
> [90987] 1652261211.995838: Removing host/epmtestapp.xxx@XXX -> krbtgt/XXX@XXX
> from FILE:/tmp/krb5cc_0
> [90987] 1652261211.995855: Storing host/epmtestapp.xxx@XXX -> krbtgt/XXX@XXX
> in FILE:/tmp/krb5cc_0
> [90987] 1652261211.995948: Storing config in FILE:/tmp/krb5cc_0 for
> krbtgt/XXX@XXX: fast_avail: yes
> [90987] 1652261211.995984: Removing host/epmtestapp.xxx@XXX ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/XXX\@XXX@X-CACHECONF: from
> FILE:/tmp/krb5cc_0
> [90987] 1652261211.995997: Storing host/epmtestapp.xxx@XXX ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/XXX\@XXX@X-CACHECONF: in
> FILE:/tmp/krb5cc_0
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
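
For readers comparing their own output with the trace quoted above, an added example (not part of the original mail, and not SSSD or MIT krb5 code): a Python helper that unquotes and unwraps a pasted KRB5_TRACE log and reports whether the keytab-based AS exchange completed. The function names and the `ok` criterion are assumptions of this example; the sample lines are copied from the quoted trace.

```python
import re

EVENT = re.compile(r"^\[\d+\] \d+\.\d+: (.*)$")
PREAUTH_REQUIRED = -1765328359  # normal first KDC answer, as seen in the trace
# Sample input: a few lines from the quoted trace, mail wrapping and '> ' kept.
SAMPLE = """\
> [90987] 1652261211.989907: Getting initial credentials for
> host/epmtestapp.xxx@XXX
> [90987] 1652261211.990289: Looked up etypes in keytab: aes256-cts, aes128-cts
> [90987] 1652261211.992933: Received error from KDC: -1765328359/Additional
> pre-authentication required
> [90987] 1652261211.993021: Retrieving host/epmtestapp.xxx@XXX from
> FILE:/etc/krb5.keytab (vno 0, enctype aes256-cts) with result: 0/Success
> [90987] 1652261211.995605: Decrypted AS reply; session key is: aes256-cts/D2C2
> [90987] 1652261211.995855: Storing host/epmtestapp.xxx@XXX -> krbtgt/XXX@XXX
> in FILE:/tmp/krb5cc_0
"""

def unwrap(text):
    """Strip '> ' quote markers and rejoin lines the mail client wrapped."""
    events = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if m := EVENT.match(line):
            events.append(m.group(1))
        elif line and events:
            events[-1] += " " + line  # continuation of the previous event
    return events

def summarize(text):
    """Return the AS-exchange milestones found in a KRB5_TRACE log."""
    s = {"principal": None, "keytab_etypes": [], "kdc_errors": [],
         "keytab_key_found": False, "as_reply_decrypted": False, "tgt_stored": False}
    for ev in unwrap(text):
        if m := re.match(r"Getting initial credentials for (\S+)", ev):
            s["principal"] = m.group(1)
        elif m := re.match(r"Looked up etypes in keytab: (.*)", ev):
            s["keytab_etypes"] = [e.strip() for e in m.group(1).split(",")]
        elif m := re.match(r"Received error from KDC: (-?\d+)/(.*)", ev):
            s["kdc_errors"].append((int(m.group(1)), m.group(2)))
        elif re.match(r"Retrieving \S+ from \S+ .*with result: 0/Success", ev):
            s["keytab_key_found"] = True
        elif ev.startswith("Decrypted AS reply"):
            s["as_reply_decrypted"] = True
        elif re.match(r"Storing \S+ -> krbtgt/\S+ in ", ev):
            s["tgt_stored"] = True
    fatal = [e for e in s["kdc_errors"] if e[0] != PREAUTH_REQUIRED]
    s["ok"] = s["keytab_key_found"] and s["as_reply_decrypted"] and s["tgt_stored"] and not fatal
    return s
```

An `ok` result only says the host keytab can obtain a TGT, which is the point made in the reply; lookup failures then have to be traced in ldap_child.log.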
