On (14/04/15 19:14), Ola Nystrom wrote:
>I have a problem with getting a krb-ticket when logging in to my CentOS 6.6
>server.
>Any idea on how to troubleshoot?
>
>after login with AD-credentionals
>
>> [ola@galaxy ~]$ klist
>> klist: No credentials cache found while retrieving principal name
>
>
>
>> [ola@galaxy ~]$ sssd --version
>
>1.11.6
>
>
>kerberos looks like it works, and the same config works on CentOS7.1
>
>sssd -i -d9 log filtered with krb
>http://pastebin.com/XywvGEmR
>
>[ola@galaxy ~]$ kinit
>Password for ola@ENSKEDE.LOCAL:
>[ola@galaxy ~]$ klist
>Ticket cache: KEYRING:persistent:11103
>Default principal: ola@ENSKEDE.LOCAL
>
>
>Valid starting     Expires            Service principal
>04/14/15 19:11:12  04/15/15 05:11:15  krbtgt/ENSKEDE.LOCAL@ENSKEDE.LOCAL
>        renew until 04/21/15 19:11:12
>
>
>
>my sssd.conf
>[ola@galaxy ~]$ sudo cat /etc/sssd/sssd.conf
>[sudo] password for ola:
>[sssd]
>domains = ENSKEDE.LOCAL
>services = nss, pam, pac
>config_file_version = 2
>
>[domain/ENSKEDE.LOCAL]
>id_provider = ad
>auth_provider = ad
>access_provider = ad
>chpass_provider = ad
>cache_credentials = true
>ldap_id_mapping = False
>ldap_referrals = false
>krb5_use_kdcinfo = false
>krb5_store_password_if_offline = true
>
>[ola@galaxy ~]$ cat /etc/krb5.conf
>[logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
>[libdefaults]
> default_realm = ENSKEDE.LOCAL
> dns_lookup_realm = true
> dns_lookup_kdc = true
> ticket_lifetime = 24h
> renew_lifetime = 7d
> forwardable = true
> rdns = false
> default_ccache_name = KEYRING:persistent:%{uid}

I will reply to this mail as well.
It should work if you remove default_ccache_name from krb5.conf.
CentOS 6.6 has older version of krb5. KEYRING ccache can only work on CentOS7.

LS
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users