Am 08.04.2015 um 10:27 schrieb Jakub Hrozek: > Can you run: > KRB5_TRACE=/dev/stderr kinit yourprinc@YOUR.REALM > > So that we can compare with the krb5_child.log you sent earlier? I > wonder if SSSD talks to a KDC that is slower or far away from your > client.. > This is my trace from kinit:
[2422] 1428482081.62208: AS key obtained for encrypted timestamp: aes256-cts/61D1 [2422] 1428482081.62288: Encrypted timestamp (for 1428482081.868994): plain ***, encrypted *** [2422] 1428482081.62328: Preauth module encrypted_timestamp (2) (real) returned: 0/Success [2422] 1428482081.62342: Produced preauth for next request: 133, 2 [2422] 1428482081.62379: Sending request (265 bytes) to MITTELERDE.DE [2422] 1428482081.62484: Sending initial UDP request to dgram 1.2.3.4:88 [2422] 1428482081.201814: Received answer (740 bytes) from dgram 1.2.3.4:88 [2422] 1428482081.201872: Response was from master KDC [2422] 1428482081.201905: Processing preauth types: 19 [2422] 1428482081.201914: Selected etype info: etype aes256-cts, salt "***", params "" [2422] 1428482081.201920: Produced preauth for next request: (empty) [2422] 1428482081.201929: AS key determined by preauth: aes256-cts/61D1 [2422] 1428482081.201973: Decrypted AS reply; session key is: aes256-cts/C464 [2422] 1428482081.201991: FAST negotiation: available [2422] 1428482081.202014: Initializing KEYRING:persistent:0:0 with default princ fr...@mittelerde.de [2422] 1428482081.202058: Removing fr...@mittelerde.de -> krbtgt/mittelerde...@mittelerde.de from KEYRING:persistent:0:0 [2422] 1428482081.202065: Storing fr...@mittelerde.de -> krbtgt/mittelerde...@mittelerde.de in KEYRING:persistent:0:0 [2422] 1428482081.202110: Storing config in KEYRING:persistent:0:0 for krbtgt/mittelerde...@mittelerde.de: fast_avail: yes [2422] 1428482081.202126: Removing fr...@mittelerde.de -> krb5_ccache_conf_data/fast_avail/krbtgt\/MITTELERDE.DE\@MITTELERDE.DE@X-CACHECONF: from KEYRING:persistent:0:0 [2422] 1428482081.202133: Storing fr...@mittelerde.de -> krb5_ccache_conf_data/fast_avail/krbtgt\/MITTELERDE.DE\@MITTELERDE.DE@X-CACHECONF: in KEYRING:persistent:0:0 [2422] 1428482081.202166: Storing config in KEYRING:persistent:0:0 for krbtgt/mittelerde...@mittelerde.de: pa_type: 2 [2422] 1428482081.202177: Removing fr...@mittelerde.de -> krb5_ccache_conf_data/pa_type/krbtgt\/MITTELERDE.DE\@MITTELERDE.DE@X-CACHECONF: from KEYRING:persistent:0:0 [2422] 1428482081.202184: Storing fr...@mittelerde.de -> krb5_ccache_conf_data/pa_type/krbtgt\/MITTELERDE.DE\@MITTELERDE.DE@X-CACHECONF: in KEYRING:persistent:0:0 Most of the host can only communicate in the local net, which has not that much hosts (10). The wired ones are connected via GBit Network, wireless it is up to 150MBit. Server is a Xeon E3-1225 with 8GB Mem. All Systems have Fedora 21 installed Martin. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project