On 20/06/2019 14:40, Sumit Bose wrote:
> Ok, then maybe to make it more bizarre, I've had it:
>
> includedir /etc/krb5.conf.d/
> includedir /var/lib/sss/pubconf/krb5.include.d/
>
> [libdefaults]
> default_realm = MINE.PRIVATE
> dns_lookup_realm = true
> dns_lookup_kdc = true
> rdns = false
> dns_canonicalize_hostname = false
> ticket_lifetime = 24h
> forwardable = true
> udp_preference_limit = 0
> default_ccache_name = KEYRING:persistent:%{uid}
>
>
> [realms]
> MINE.PRIVATE= {
Is this ^^^ the realm that is mentioned in the 'Cannot find KDC for
realm ...' error message in krb5_child.log?
no, it is for:
(Thu Jun 20 12:16:13 2019) [[sssd[krb5_child[956]]]] [map_krb5_error]
(0x0020): 1808: [-1765328230][Cannot find KDC for realm "PRIVATE"]
it's AD's realm
Can you try if kinit from the command line works for the principal shown
in the 'Getting initial credentials for ...' debug message in
krb5_child.log?
but this is a machine:
(Thu Jun 20 09:21:28 2019) [[sssd[ldap_child[515]]]]
[sss_child_krb5_trace_cb] (0x4000): [515] 1561022488.21748: Getting
initial credentials for host/halfspeed-r.mine.private@MINE.PRIVATE
How can I kinit a host/machine?
Additionally does 'kinit -k' work from the command line with the
principal from the 'Fast principal is set to ...' debug message?
That is the same machine/host:
(Thu Jun 20 12:16:13 2019) [[sssd[krb5_child[956]]]] [k5c_setup_fast]
(0x0100): Fast principal is set to
[host/halfspeed-r.mine.private@MINE.PRIVATE]
$ kinit -k host/halfspeed-r.mine.private@MINE.PRIVAT && echo Y
$ Y
many thanks, L.
bye,
Sumit