On Mon, 2013-06-24 at 17:01 +0200, Jakub Hrozek wrote: > On Mon, Jun 24, 2013 at 04:59:33PM +0200, Jakub Hrozek wrote: > > On Mon, Jun 24, 2013 at 04:23:46PM +0200, Sumit Bose wrote: > > > Hi, > > > > > > David Woodhouse identified an issue with Kerberos ticket renewal. > > > Attached two patches fix two issues related to the authtok refactoring > > > which make renewal for me working again. > > > > > > bye, > > > Sumit > > > > Works for me, too. Ack. > > Pushed both to master.
An improvement, but still not working.
Firstly I have to revert commit 3438815242464a963c0d3a70f16579723a20b52d
("LDAP: Retry SID search based on result of LDAP search, not the return
code") because otherwise I can't log in at all (I sent logs in private
mail).
Then it does actually seem to be *trying* to renew, but I get the
following:
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [renew_all_tgts]
(0x4000): Checking [FILE:/run/user/11268502/krb5cc_11268502_mMuMJO] for renewal
at [Mon Jun 24 16:14:44 2013].
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [renew_handler]
(0x1000): Adding new renew timer.
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [ldb] (0x4000): Added
timed event "ltdb_callback": 0xa65230
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [ldb] (0x4000): Added
timed event "ltdb_timeout": 0xb23cc0
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [ldb] (0x4000):
Running timer event 0xa65230 "ltdb_callback"
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [ldb] (0x4000):
Destroying timer event 0xb23cc0 "ltdb_timeout"
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [ldb] (0x4000):
Ending timer event 0xa65230 "ltdb_callback"
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [cc_residual_is_used]
(0x1000): User [11268502] is still active, reusing ccache
[/run/user/11268502/krb5cc_11268502_mMuMJO].
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [check_for_valid_tgt]
(0x0020): krb5_cc_retrieve_cred failed.
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [krb5_auth_send]
(0x4000): Ccache_file is [FILE:/run/user/11268502/krb5cc_11268502_mMuMJO] and
is active and TGT is not valid.
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'AD'
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [get_server_status]
(0x1000): Status of server 'irsger201.ger.corp.intel.com' is 'working'
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [get_port_status]
(0x1000): Port status of port 0 for server 'irsger201.ger.corp.intel.com' is
'working'
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 5 seconds
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [get_server_status]
(0x1000): Status of server 'irsger201.ger.corp.intel.com' is 'working'
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]]
[be_resolve_server_process] (0x1000): Saving the first resolved server
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]]
[be_resolve_server_process] (0x0200): Found address for server
irsger201.ger.corp.intel.com: [163.33.192.36] TTL 2973
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [ad_resolve_callback]
(0x0100): Constructed uri 'ldap://irsger201.ger.corp.intel.com'
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [ad_resolve_callback]
(0x0100): Constructed GC uri 'ldap://irsger201.ger.corp.intel.com'
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]]
[krb5_auth_prepare_ccache_file] (0x0080): Saved ccache
FILE:/run/user/11268502/krb5cc_11268502_mMuMJO if of different type than ccache
in configuration file, reusing the old ccache
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [child_handler_setup]
(0x2000): Setting up signal handler up for pid [5790]
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [child_handler_setup]
(0x2000): Signal handler set up for pid [5790]
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [write_pipe_handler]
(0x0400): All data has been sent!
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [read_pipe_handler]
(0x0400): EOF received, client finished
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [renew_tgt_done]
(0x0020): Failed to renew TGT for user [dwoodhou].
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [child_sig_handler]
(0x1000): Waiting for child [5790].
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [child_sig_handler]
(0x0100): child [5790] finished successfully.
(Mon Jun 24 16:15:32 2013) [sssd[be[ger.corp.intel.com]]] [sss_child_handler]
(0x2000): waitpid failed [10]: No child processes
(Mon Jun 24 16:15:42 2013) [sssd[be[ger.corp.intel.com]]] [sbus_dispatch]
(0x4000): dbus conn: A40420
FWIW running 'kinit -R' manually does work.
--
dwmw2
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
