Am Wed, May 11, 2022 at 12:14:56PM -0000 schrieb Damola Azeez via FreeIPA-users:
Hi,
Output below
Hi,
thanks, so this is working as expected, SSSD's ldap_child basically does
the same. Can you add 'debug_level = 9' to the [domain/...] section of
sssd.conf, restart SSSD, try to lookup some users and then send
ldap_child.log?
bye,
Sumit
KRB5_TRACE=/dev/stdout kinit -k 'host/epmtestapp.xxx@XXX'
[90987] 1652261211.989907: Getting initial credentials for host/epmtestapp.xxx@XXX
[90987] 1652261211.990289: Looked up etypes in keytab: aes256-cts, aes128-cts
[90987] 1652261211.990325: Sending request (219 bytes) to XXX
[90987] 1652261211.990466: Initiating TCP connection to stream 192.168.101.160:88
[90987] 1652261211.990904: Sending TCP request to stream 192.168.101.160:88
[90987] 1652261211.992858: Received answer from stream 192.168.101.160:88
[90987] 1652261211.992904: Response was from master KDC
[90987] 1652261211.992933: Received error from KDC: -1765328359/Additional
pre-authentication required
[90987] 1652261211.992961: Processing preauth types: 16, 136, 19, 147, 151, 2, 133
[90987] 1652261211.992971: Selected etype info: etype aes256-cts, salt
"XXXhostepmtestapp.xxx", params ""
[90987] 1652261211.992979: Received cookie: MIT1
[90987] 1652261211.993021: Retrieving host/epmtestapp.xxx@XXX from FILE:/etc/krb5.keytab
(vno 0, enctype aes256-cts) with result: 0/Success
[90987] 1652261211.993046: AS key obtained for encrypted timestamp: aes256-cts/C287
[90987] 1652261211.993083: Encrypted timestamp (for 1652261211.993052): plain
301AA011180F32303232303531313039323635315AA10502030F271C, encrypted
08289D768F7FF06911527C7B951D405E1893E39B351717C87677C41E4F0B94647EDDB9F9D1573414F7AE95F7C817D3B9188128CC3F960FA1
[90987] 1652261211.993100: Preauth module encrypted_timestamp (2) (flags=1) returned:
0/Success
[90987] 1652261211.993106: Produced preauth for next request: 133, 2
[90987] 1652261211.993126: Sending request (454 bytes) to XXX
[90987] 1652261211.993171: Initiating TCP connection to stream 192.168.101.160:88
[90987] 1652261211.993340: Sending TCP request to stream 192.168.101.160:88
[90987] 1652261211.995463: Received answer from stream 192.168.101.160:88
[90987] 1652261211.995509: Response was from master KDC
[90987] 1652261211.995543: Processing preauth types: 19
[90987] 1652261211.995553: Selected etype info: etype aes256-cts, salt
"XXXhostepmtestapp.xxx", params ""
[90987] 1652261211.995561: Produced preauth for next request: (empty)
[90987] 1652261211.995572: AS key determined by preauth: aes256-cts/C287
[90987] 1652261211.995605: Decrypted AS reply; session key is: aes256-cts/D2C2
[90987] 1652261211.995630: FAST negotiation: available
[90987] 1652261211.995656: Initializing FILE:/tmp/krb5cc_0 with default princ
host/epmtestapp.xxx@XXX
[90987] 1652261211.995838: Removing host/epmtestapp.xxx@XXX -> krbtgt/XXX@XXX from
FILE:/tmp/krb5cc_0
[90987] 1652261211.995855: Storing host/epmtestapp.xxx@XXX -> krbtgt/XXX@XXX in
FILE:/tmp/krb5cc_0
[90987] 1652261211.995948: Storing config in FILE:/tmp/krb5cc_0 for krbtgt/XXX@XXX:
fast_avail: yes
[90987] 1652261211.995984: Removing host/epmtestapp.xxx@XXX ->
krb5_ccache_conf_data/fast_avail/krbtgt\/XXX\@XXX@X-CACHECONF: from FILE:/tmp/krb5cc_0
[90987] 1652261211.995997: Storing host/epmtestapp.xxx@XXX ->
krb5_ccache_conf_data/fast_avail/krbtgt\/XXX\@XXX@X-CACHECONF: in FILE:/tmp/krb5cc_0
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure