On 03/30/2015 01:55 AM, Jakub Hrozek wrote:
On Fri, Mar 27, 2015 at 10:09:43PM +0100, Lukas Slebodnik wrote:
> On (27/03/15 14:01), Orion Poplawski wrote:
>> (Fri Mar 27 13:51:43 2015) [sssd[be[nwra.com]]] [be_pam_handler_callback]
>> (0x0100): Backend returned: (0, 4, <NULL>) [Success]
> I know that you fixed your problem, but pam error code 4 (System error)
> should not happend in sssd It means some serious problem.
> It can be related to the pevious debug message "krb5_auth_recv request
> Could you provide domain log file and krb5_child.log with enabled verbose
> logging? (put debug_level = 0xfff0 into domain section.
Yes, in addition, it would be nice to see the output of
KRB5_TRACE=/dev/stderr kinit -E -C orion(a)ad.nwra.com
Also, the UPN attribute of your user is really "Orion Poplawski(a)AD.NWRA.COM" ?
A mistake in an AD update set it to that. Obviously it should be
orion(a)AD.NWRA.COM, and is fixed now. Do you still want the kinit trace
for this configuration error?
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion(a)cora.nwra.com
Boulder, CO 80301 http://www.cora.nwra.com