On su, 22 maalis 2020, Faraz Younus via FreeIPA-users wrote:
that's the only logs I have on client , but on master server
I'm getting
this on krb5kdc.log
Mar 22 12:31:32
ipa1.fixedandmobile.com krb5kdc[7890](info): AS_REQ (4
etypes {18 17 16 23}) 10.160.253.104: NEEDED_PREAUTH: host/*england*-
web-dev.fixedandmobile.com(a)FIXEDANDMOBILE.COM for krbtgt/
FIXEDANDMOBILE.COM(a)FIXEDANDMOBILE.COM, Additional pre-authentication
required
Mar 22 12:31:32
ipa1.fixedandmobile.com krb5kdc[7891](info): AS_REQ (4
etypes {18 17 16 23}) 10.160.253.104: ISSUE: authtime 1584880292, etypes
{rep=18 tkt=18 ses=18}, host/*england*-
web-dev.fixedandmobile.com(a)FIXEDANDMOBILE.COM for krbtgt/
FIXEDANDMOBILE.COM(a)FIXEDANDMOBILE.COM
these two are not problems at all. This is correct sequence of logged
actions for normal operations.
Now that you have Kerberos key for host/.. principal working fine,
continue with SSSD logs for your ssh client access attempt.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland