On Wed, Apr 08, 2015 at 10:43:10AM +0200, Martin (Lists) wrote: > Am 08.04.2015 um 10:27 schrieb Jakub Hrozek: > > Can you run: > > KRB5_TRACE=/dev/stderr kinit yourprinc@YOUR.REALM > > > > So that we can compare with the krb5_child.log you sent earlier? I > > wonder if SSSD talks to a KDC that is slower or far away from your > > client.. > > > This is my trace from kinit: > > [2422] 1428482081.62208: AS key obtained for encrypted timestamp: > aes256-cts/61D1 > [2422] 1428482081.62288: Encrypted timestamp (for 1428482081.868994): > plain ***, encrypted *** > [2422] 1428482081.62328: Preauth module encrypted_timestamp (2) (real) > returned: 0/Success > [2422] 1428482081.62342: Produced preauth for next request: 133, 2 > [2422] 1428482081.62379: Sending request (265 bytes) to MITTELERDE.DE > [2422] 1428482081.62484: Sending initial UDP request to dgram 1.2.3.4:88 > [2422] 1428482081.201814: Received answer (740 bytes) from dgram 1.2.3.4:88 > [2422] 1428482081.201872: Response was from master KDC > [2422] 1428482081.201905: Processing preauth types: 19 > [2422] 1428482081.201914: Selected etype info: etype aes256-cts, salt > "***", params "" > [2422] 1428482081.201920: Produced preauth for next request: (empty) > [2422] 1428482081.201929: AS key determined by preauth: aes256-cts/61D1 > [2422] 1428482081.201973: Decrypted AS reply; session key is: > aes256-cts/C464 > [2422] 1428482081.201991: FAST negotiation: available > [2422] 1428482081.202014: Initializing KEYRING:persistent:0:0 with > default princ fr...@mittelerde.de > [2422] 1428482081.202058: Removing fr...@mittelerde.de -> > krbtgt/mittelerde...@mittelerde.de from KEYRING:persistent:0:0 > [2422] 1428482081.202065: Storing fr...@mittelerde.de -> > krbtgt/mittelerde...@mittelerde.de in KEYRING:persistent:0:0 > [2422] 1428482081.202110: Storing config in KEYRING:persistent:0:0 for > krbtgt/mittelerde...@mittelerde.de: fast_avail: yes > [2422] 1428482081.202126: Removing fr...@mittelerde.de -> > krb5_ccache_conf_data/fast_avail/krbtgt\/MITTELERDE.DE\@MITTELERDE.DE@X-CACHECONF: > from KEYRING:persistent:0:0 > [2422] 1428482081.202133: Storing fr...@mittelerde.de -> > krb5_ccache_conf_data/fast_avail/krbtgt\/MITTELERDE.DE\@MITTELERDE.DE@X-CACHECONF: > in KEYRING:persistent:0:0 > [2422] 1428482081.202166: Storing config in KEYRING:persistent:0:0 for > krbtgt/mittelerde...@mittelerde.de: pa_type: 2 > [2422] 1428482081.202177: Removing fr...@mittelerde.de -> > krb5_ccache_conf_data/pa_type/krbtgt\/MITTELERDE.DE\@MITTELERDE.DE@X-CACHECONF: > from > KEYRING:persistent:0:0 > > > > [2422] 1428482081.202184: Storing fr...@mittelerde.de -> > krb5_ccache_conf_data/pa_type/krbtgt\/MITTELERDE.DE\@MITTELERDE.DE@X-CACHECONF: > in > KEYRING:persistent:0:0 > > > > > Most of the host can only communicate in the local net, which has not > that much hosts (10). The wired ones are connected via GBit Network, > wireless it is up to 150MBit. Server is a Xeon E3-1225 with 8GB Mem. All > Systems have Fedora 21 installed
Does it communicate with the same KDC as krb5_child? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project