On Mon, 2013-06-24 at 17:01 +0200, Jakub Hrozek wrote: > On Mon, Jun 24, 2013 at 04:59:33PM +0200, Jakub Hrozek wrote: > > On Mon, Jun 24, 2013 at 04:23:46PM +0200, Sumit Bose wrote: > > > Hi, > > > > > > David Woodhouse identified an issue with Kerberos ticket renewal. > > > Attached two patches fix two issues related to the authtok refactoring > > > which make renewal for me working again. > > > > > > bye, > > > Sumit > > > > Works for me, too. Ack. > > Pushed both to master.
An improvement, but still not working. Firstly I have to revert commit 3438815242464a963c0d3a70f16579723a20b52d ("LDAP: Retry SID search based on result of LDAP search, not the return code") because otherwise I can't log in at all (I sent logs in private mail). Then it does actually seem to be *trying* to renew, but I get the following: (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [renew_all_tgts] (0x4000): Checking [FILE:/run/user/11268502/krb5cc_11268502_mMuMJO] for renewal at [Mon Jun 24 16:14:44 2013]. (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [renew_handler] (0x1000): Adding new renew timer. (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0xa65230 (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0xb23cc0 (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [ldb] (0x4000): Running timer event 0xa65230 "ltdb_callback" (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [ldb] (0x4000): Destroying timer event 0xb23cc0 "ltdb_timeout" (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [ldb] (0x4000): Ending timer event 0xa65230 "ltdb_callback" (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [cc_residual_is_used] (0x1000): User [11268502] is still active, reusing ccache [/run/user/11268502/krb5cc_11268502_mMuMJO]. (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [check_for_valid_tgt] (0x0020): krb5_cc_retrieve_cred failed. (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [krb5_auth_send] (0x4000): Ccache_file is [FILE:/run/user/11268502/krb5cc_11268502_mMuMJO] and is active and TGT is not valid. (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [get_server_status] (0x1000): Status of server 'irsger201.ger.corp.intel.com' is 'working' (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'irsger201.ger.corp.intel.com' is 'working' (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 5 seconds (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [get_server_status] (0x1000): Status of server 'irsger201.ger.corp.intel.com' is 'working' (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [be_resolve_server_process] (0x1000): Saving the first resolved server (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [be_resolve_server_process] (0x0200): Found address for server irsger201.ger.corp.intel.com: [163.33.192.36] TTL 2973 (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://irsger201.ger.corp.intel.com' (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://irsger201.ger.corp.intel.com' (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [krb5_auth_prepare_ccache_file] (0x0080): Saved ccache FILE:/run/user/11268502/krb5cc_11268502_mMuMJO if of different type than ccache in configuration file, reusing the old ccache (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [child_handler_setup] (0x2000): Setting up signal handler up for pid [5790] (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [child_handler_setup] (0x2000): Signal handler set up for pid [5790] (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [read_pipe_handler] (0x0400): EOF received, client finished (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [renew_tgt_done] (0x0020): Failed to renew TGT for user [dwoodhou]. (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [child_sig_handler] (0x1000): Waiting for child [5790]. (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [child_sig_handler] (0x0100): child [5790] finished successfully. (Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [sss_child_handler] (0x2000): waitpid failed [10]: No child processes (Mon Jun 24 16:15:42 2013) [sssd[be[ger.corp.intel.com]]] [sbus_dispatch] (0x4000): dbus conn: A40420 FWIW running 'kinit -R' manually does work. -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel