On (22/05/17 06:51), Joakim Tjernlund wrote:
> On Fri, 2017-05-19 at 16:59 +0200, Lukas Slebodnik wrote:
> > On (19/05/17 14:41), Joakim Tjernlund wrote:
> > > On Fri, 2017-05-19 at 16:34 +0200, Lukas Slebodnik wrote:
> > > > On (19/05/17 14:07), Joakim Tjernlund wrote:
> > > > > Will do over the week end
> > > > >
> > > > > >
> > > > > > Please also provide an output of following command
> > > > > > rpm -V sssd-common sssd-krb5-common
> > > > >
> > > > > That is a bit hard as this is Gentoo :)
> > > >
> > > > Ahh sorry;
> > > >
> > > > I cannot see 1.15.2 in portage.
> > > > Which arguments did you pass to configure?
> > >
> > > Sending the ebuilds I use, made by myself as upstream is lagging behind.
> > >
> >
> > Logging to journald is not enabled enabled. So I do not think
> > you fwill find anything in journald :-)
> >
> > sssd is not compiled with non-privileged user therefore
> > it should not cause problems.
> >
> > We will not be able to move it forward without
> > *child log files.
> >
> > LS
>
> Hi again
>
> Got some *child logs now. Can you make something of these?
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [main] (0x0400): ldap_child
started.
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [main] (0x2000): context
initialized
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unpack_buffer] (0x1000):
total buffer size: 49
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unpack_buffer] (0x1000):
realm_str size: 12
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unpack_buffer] (0x1000): got
realm_str:
INFINERA.COM
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unpack_buffer] (0x1000):
princ_str size: 13
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unpack_buffer] (0x1000): got
princ_str: GENTOO-LABBB$
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unpack_buffer] (0x1000):
keytab_name size: 0
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unpack_buffer] (0x1000):
lifetime: 86400
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unpack_buffer] (0x0200):
Will run as [0][0].
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [privileged_krb5_setup]
(0x2000): Kerberos context initialized
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [main] (0x2000): Kerberos
context initialized
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [become_user] (0x0200):
Trying to become user [0][0].
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [become_user] (0x0200):
Already user [0].
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [main] (0x2000): Running as
[0][0].
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [main] (0x2000): getting TGT
sync
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [ldap_child_get_tgt_sync]
(0x2000): got realm_name: [
INFINERA.COM]
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [ldap_child_get_tgt_sync]
(0x0100): Principal name is: [GENTOO-LABBB$(a)INFINERA.COM]
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [ldap_child_get_tgt_sync]
(0x0100): Using keytab [MEMORY:/etc/krb5.keytab]
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [ldap_child_get_tgt_sync]
(0x0100): Will canonicalize principals
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.430433: Getting initial credentials for
GENTOO-LABBB$(a)INFINERA.COM
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.430585: Looked up etypes in keytab: des-cbc-crc, des,
des-cbc-crc, aes128-cts, aes256-cts, rc4-hmac
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.430660: Sending request (203 bytes) to
INFINERA.COM
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.430840: Resolving hostname
se-dc01.infinera.com
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.431709: Sending initial UDP request to dgram 10.210.34.21:88
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.432672: Received answer (266 bytes) from dgram
10.210.34.21:88
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.432741: Response was not from master KDC
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.432786: Received error from KDC: -1765328359/Additional
pre-authentication required
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.432851: Processing preauth types: 16, 15, 19, 2
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.432880: Selected etype info: etype aes256-cts, salt
"INFINERA.COMhostgentoo-labbb.infinera.com", params ""
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.432923: Retrieving GENTOO-LABBB$(a)INFINERA.COM from
MEMORY:/etc/krb5.keytab (vno 0, enctype aes256-cts) with result: 0/Success
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.432960: AS key obtained for encrypted timestamp:
aes256-cts/645C
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.433059: Encrypted timestamp (for 1495435577.276052): plain
301AA011180F32303137303532323036343631375AA1050203043654, encrypted
08B7186DAB549BD6AC8DCC76C9E88A5FB59619A42672B848C1CF6605E2AB5EFB54D0EDD8B8FC3D9BC154519791BD77F8938FBADEB6C9F65C
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.433087: Preauth module encrypted_timestamp (2) (real)
returned: 0/Success
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.433103: Produced preauth for next request: 2
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.433137: Sending request (283 bytes) to
INFINERA.COM
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.433172: Resolving hostname
se-dc01.infinera.com
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.433387: Sending initial UDP request to dgram 10.210.34.21:88
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.434554: Received answer (96 bytes) from dgram
10.210.34.21:88
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.434603: Response was not from master KDC
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.434624: Received error from KDC: -1765328332/Response too big
for UDP, retry with TCP
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.434636: Request or response is too big for UDP; retrying with
TCP
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.434647: Sending request (283 bytes) to
INFINERA.COM (tcp
only)
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.434665: Resolving hostname
se-dc01.infinera.com
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.434807: Initiating TCP connection to stream 10.210.34.21:88
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.435110: Sending TCP request to stream 10.210.34.21:88
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.436061: Received answer (1543 bytes) from stream
10.210.34.21:88
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.436086: Terminating TCP connection to stream 10.210.34.21:88
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.436130: Response was not from master KDC
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.436166: Processing preauth types: 19
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.436180: Selected etype info: etype aes256-cts, salt
"INFINERA.COMhostgentoo-labbb.infinera.com", params ""
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.436191: Produced preauth for next request: (empty)
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.436204: AS key determined by preauth: aes256-cts/645C
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.436268: Decrypted AS reply; session key is: aes256-cts/00F2
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.436287: FAST negotiation: unavailable
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [ldap_child_get_tgt_sync]
(0x2000): credentials initialized
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [ldap_child_get_tgt_sync]
(0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_INFINERA.COM_wwO4jb]
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.436396: Initializing
FILE:/var/lib/sss/db/ccache_INFINERA.COM_wwO4jb with default princ
GENTOO-LABBB$(a)INFINERA.COM
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [sss_child_krb5_trace_cb]
(0x4000): [17650] 1495435574.436543: Storing GENTOO-LABBB$(a)INFINERA.COM ->
krbtgt/INFINERA.COM(a)INFINERA.COM in FILE:/var/lib/sss/db/ccache_INFINERA.COM_wwO4jb
>
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [ldap_child_get_tgt_sync]
(0x2000): credentials stored
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [ldap_child_get_tgt_sync]
(0x2000): Got KDC time offset
The time is not synchronised between client and server.
MIT krb5 can handle small offset. But I would highly recommends
to keep time in sync.
There is some time problem on and off but this has never been too much. I don't
think this was the root problem here ?
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [ldap_child_get_tgt_sync]
(0x2000): Renaming [/var/lib/sss/db/ccache_INFINERA.COM_wwO4jb] to
[/var/lib/sss/db/ccache_INFINERA.COM]
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unique_filename_destructor]
(0x2000): Unlinking [/var/lib/sss/db/ccache_INFINERA.COM_wwO4jb]
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unlink_dbg] (0x2000): File
already removed: [/var/lib/sss/db/ccache_INFINERA.COM_wwO4jb]
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [prepare_response] (0x0400):
Building response for result [0]
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [pack_buffer] (0x2000):
response size: 60
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [pack_buffer] (0x1000):
result [0] krberr [0] msgsize [40] msg [
FILE:/var/lib/sss/db/ccache_INFINERA.COM]
> (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [main] (0x0400): ldap_child
completed successfully
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [main] (0x0400): krb5_child
started.
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [unpack_buffer] (0x1000):
total buffer size: [154]
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [unpack_buffer] (0x0100): cmd
[248] uid [1001] gid [100] validate [true] enterprise principal [false] offline [false]
UPN [jocke(a)INFINERA.COM]
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [unpack_buffer] (0x0100):
ccname: [FILE:/tmp/krb5cc_1001] old_ccname: [FILE:/tmp/krb5cc_1001] keytab:
[/etc/krb5.keytab]
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [check_use_fast] (0x0100):
Not using FAST.
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [switch_creds] (0x0200):
Switch user to [1001][100].
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [sss_krb5_cc_verify_ccache]
(0x2000): TGT not found or expired.
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [switch_creds] (0x0200):
Switch user to [0][0].
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [k5c_check_old_ccache]
(0x4000): Ccache_file is [FILE:/tmp/krb5cc_1001] and is active and TGT is valid.
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [privileged_krb5_setup]
(0x0080): Cannot open the PAC responder socket
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [become_user] (0x0200):
Trying to become user [1001][100].
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [main] (0x2000): Running as
[1001][100].
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [k5c_setup] (0x2000): Running
as [1001][100].
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [set_lifetime_options]
(0x0100): Renewable lifetime is set to [7d]
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [set_lifetime_options]
(0x0100): Lifetime is set to [24h]
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [set_canonicalize_option]
(0x0100): Canonicalization is set to [true]
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [main] (0x0400): Will perform
ticket renewal
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [renew_tgt_child] (0x1000):
Renewing a ticket
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [sss_child_krb5_trace_cb]
(0x4000): [17652] 1495435574.515585: Retrieving jocke(a)INFINERA.COM ->
krbtgt/INFINERA.COM(a)INFINERA.COM from FILE:/tmp/krb5cc_1001 with result: 0/Success
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [sss_child_krb5_trace_cb]
(0x4000): [17652] 1495435574.515616: Get cred via TGT krbtgt/INFINERA.COM(a)INFINERA.COM
after requesting krbtgt/INFINERA.COM(a)INFINERA.COM (canonicalize off)
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [sss_child_krb5_trace_cb]
(0x4000): [17652] 1495435574.515681: Generated subkey for TGS request: aes256-cts/2D54
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [sss_child_krb5_trace_cb]
(0x4000): [17652] 1495435574.515747: etypes requested in TGS request: aes256-cts,
aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts, des-cbc-crc, des,
des-cbc-md4
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [sss_child_krb5_trace_cb]
(0x4000): [17652] 1495435574.515862: Encoding request body and padata into FAST request
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [sss_child_krb5_trace_cb]
(0x4000): [17652] 1495435574.515973: Sending request (1901 bytes) to
INFINERA.COM
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [sss_child_krb5_trace_cb]
(0x4000): [17652] 1495435574.516194: Resolving hostname
se-dc01.infinera.com
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [sss_child_krb5_trace_cb]
(0x4000): [17652] 1495435574.516448: Initiating TCP connection to stream 10.210.34.21:88
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [sss_child_krb5_trace_cb]
(0x4000): [17652] 1495435574.516778: Sending TCP request to stream 10.210.34.21:88
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [sss_child_krb5_trace_cb]
(0x4000): [17652] 1495435574.517190: Received answer (123 bytes) from stream
10.210.34.21:88
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [sss_child_krb5_trace_cb]
(0x4000): [17652] 1495435574.517203: Terminating TCP connection to stream 10.210.34.21:88
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [sss_child_krb5_trace_cb]
(0x4000): [17652] 1495435574.517247: Response was not from master KDC
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [sss_child_krb5_trace_cb]
(0x4000): [17652] 1495435574.517270: Got cred; -1765328352/Ticket expired
> (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [map_krb5_error] (0x0020):
1643: [-1765328352][Ticket expired]
Renewing of a ticket failed because it is already expired.
Maybe due to time shift between client and server(KDC)
Yes, it is expired to begin with. I got a ticket, then suspended the computer long enough
for
the ticket to expire(10 hours here) and then woke up and unlocked the screen.
The problem is that sssd never tries to get a new ticket using my creds I gave when
unlocking.
Even if I do several lock/unlocks after the network is restored, sssd will not get me a
new ticket.
>
> > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [k5c_send_data] (0x0200):
Received error code 1432158229
> > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [pack_response_packet]
(0x2000): response packet size: [4]
> > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [k5c_send_data] (0x4000):
Response sent.
> > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [main] (0x0400):
krb5_child completed successfully
>
> There were 5 more attempts to renew tickets within a second.
> 4 of them failed due to expired ticket. And the last one failed
> due to offline mode.
>
>
> Few seconds later (7) user was authenticated in offline mode.
>
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [main] (0x0400):
krb5_child started.
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [unpack_buffer] (0x1000):
total buffer size: [141]
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [unpack_buffer] (0x0100):
cmd [241] uid [1001] gid [100] validate [true] enterprise principal [false] offline [true]
UPN [jocke(a)INFINERA.COM]
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [unpack_buffer] (0x0100):
ccname: [FILE:/tmp/krb5cc_1001] old_ccname: [FILE:/tmp/krb5cc_1001] keytab:
[/etc/krb5.keytab]
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [check_use_fast]
(0x0100): Not using FAST.
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [switch_creds] (0x0200):
Switch user to [1001][100].
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]]
[sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [switch_creds] (0x0200):
Switch user to [0][0].
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [k5c_check_old_ccache]
(0x4000): Ccache_file is [FILE:/tmp/krb5cc_1001] and is active and TGT is valid.
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [privileged_krb5_setup]
(0x0080): Cannot open the PAC responder socket
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [become_user] (0x0200):
Trying to become user [1001][100].
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [main] (0x2000): Running
as [1001][100].
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [become_user] (0x0200):
Trying to become user [1001][100].
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [become_user] (0x0200):
Already user [1001].
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [k5c_setup] (0x2000):
Running as [1001][100].
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [set_lifetime_options]
(0x0100): Renewable lifetime is set to [7d]
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [set_lifetime_options]
(0x0100): Lifetime is set to [24h]
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [main] (0x0400): Will
perform offline auth
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [create_empty_ccache]
(0x1000): Existing ccache still valid, reusing
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [k5c_send_data] (0x0200):
Received error code 0
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [pack_response_packet]
(0x2000): response packet size: [45]
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [k5c_send_data] (0x4000):
Response sent.
> > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [main] (0x0400):
krb5_child completed successfully
>
> LS
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org