(Resending this email, files were too large) Sorry for the delayed reply. I was on vacation for a few days.
> Please show us the KDC log when you are provoking a failure. I'm attaching the slapd access, slapd error, krb5kdb.log and kadmind.log. The only thing of note I see in those logs is in the slapd access log: [11/Jul/2024:17:32:01.528294151 -0500] conn=57224 op=1 RESULT err=49 tag=97 nentries=0 wtime=0.000076683 optime=0.265358256 etime=0.265415438 - SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context which shows up often. > I'm not sure what ticket you're referring to, unless you mean a TGT. I think GSSAPI errors may be related to this ticket issue showing "keytab entry invalid": root@pacific ~ $ klist -kte /etc/dirsrv/ds.keytab Keytab name: FILE:/etc/dirsrv/ds.keytab KVNO Timestamp Principal ---- ------------------- ------------------------------------------------------ 2 07/11/2024 18:54:19 ldap/[email protected] (aes256-cts-hmac-sha1-96) 2 07/11/2024 19:44:09 ldap/[email protected] (aes128-cts-hmac-sha1-96) root@pacific ~ $ kvno -k /etc/dirsrv/ds.keytab ldap/pacific.caps.int ldap/[email protected]: kvno = 2, keytab entry invalid kvno: Wrong principal in request while decrypting ticket for ldap/[email protected] That's after I got a new ticket with ktutil. Thanks, Bryan
access
Description: Binary data
errors
Description: Binary data
krb5kdc.log
Description: Binary data
kadmind.log
Description: Binary data
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
