The "KRB5_TRACE=/dev/stderr kinit jon" command helped out immensely by pointing out that it was failing on dir1, but not dir0.
Turns out it was a DNS issue on my second directory server that was breaking replication. Thank you for the assistance.

On Tue, Feb 23, 2016 at 3:42 PM, Jakub Hrozek <jhro...@redhat.com> wrote:
> On Tue, Feb 23, 2016 at 03:33:31PM -0500, Jester wrote:
> > Made no changes to the system between posting. Only tried a couple of
> > kinits to generate some logs.
> >
> > Set sssd debug to 9, restarted, did a few kinits.
>
> kinit doesn't hit sssd, but goes directly to the KDC.
>
> >
> > root@nuc0:/var/log/sssd# service sssd start
> > root@nuc0:/var/log/sssd# kinit admin
> > Password for ad...@mrjester.net:
> > root@nuc0:/var/log/sssd# kinit jon
> > kinit: Client 'j...@mrjester.net' not found in Kerberos database while
>
> Again, if you're sure the principal 'jon' exists on the server, then I
> would suggest to try:
>     KRB5_TRACE=/dev/stderr kinit jon
> and see if you talk to the KDC you expect.
>
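An added example, not part of the original thread: a small shell function that reads KRB5_TRACE output and reports, per KDC address, the last error that KDC returned, which is how a replica that lacks a principal stands out. The function name, the sample addresses (documentation range) and the sample trace are constructed; the matched phrases assume MIT krb5's trace wording.

```shell
#!/bin/sh
# Summarise which KDC answered in KRB5_TRACE output, and with what error.
# Usage: KRB5_TRACE=/dev/stderr kinit jon 2>&1 | kdc_outcomes
# kdc_outcomes is a hypothetical helper name, not a krb5 tool.

kdc_outcomes() {
    awk '
    # e.g. "Received answer (158 bytes) from dgram 192.0.2.11:88"
    # The last field is the responder; remember it for the lines that follow.
    /Received answer \(/ {
        kdc = $NF
        if (!(kdc in seen)) {
            seen[kdc] = 1
            order[++n] = kdc
            result[kdc] = "answered"
        }
        next
    }
    # e.g. "Received error from KDC: -1765328378/Client not found in Kerberos database"
    # Attribute the error text to the KDC that sent the preceding answer.
    /Received error from KDC: / && kdc != "" {
        msg = $0
        sub(/^.*Received error from KDC: [-0-9]*\//, "", msg)
        result[kdc] = msg
    }
    END {
        for (i = 1; i <= n; i++)
            printf "%s\t%s\n", order[i], result[order[i]]
    }
    '
}

# Constructed sample: traces from two kinit runs that reached different replicas.
sample_trace() {
    cat <<'EOF'
[2101] 1456260211.100001: Sending initial UDP request to dgram 192.0.2.10:88
[2101] 1456260211.104512: Received answer (270 bytes) from dgram 192.0.2.10:88
[2101] 1456260211.104777: Received error from KDC: -1765328359/Additional pre-authentication required
[2117] 1456260240.300001: Sending initial UDP request to dgram 192.0.2.11:88
[2117] 1456260240.303390: Received answer (158 bytes) from dgram 192.0.2.11:88
[2117] 1456260240.303611: Received error from KDC: -1765328378/Client not found in Kerberos database
EOF
}

sample_trace | kdc_outcomes
```

A replica that replies "Additional pre-authentication required" found the principal in its database; one that replies "Client not found in Kerberos database" for the same principal is missing it, which points at replication rather than at the client.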