On Fri, Jan 15, 2021 at 01:45:33PM +0100, mbalembo wrote:
Hello,
I have trouble obtaining a kerberos ticket when loggin with sssd.
in /var/log/sssd/krb5_child.log i get the line :
[[sssd[krb5_child[9521]]]] [unpack_buffer] (0x0100): cmd [241] uid [10007]
gid [10000] validate [false] enterprise principal [true] offline [false] UPN
[USER@MYDOMAIN]
My problem is i need to restart the service to switch this to "offline
[false]".
(Note that authentication works otherwise, it's just the kerberos ticket
that is missing).
Maybe I missed an option to set the update rate ?
Hi,
you should check in the domain log sssd_your.domain.name.log why SSSD
switched into offline mode. It might be an error while connecting to a
LDAP server or hitting some timeouts during authentication or other
reasons.
In offline mode SSSD uses a cached password has from the last successful
online authentication to authenticate the user. That explains why
authentication works but you do not have a Kerberos ticket, which can
only be requested when online.
HTH
bye,
Sumit
Thanks,
Marc
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...