On Mon, 2017-05-22 at 16:38 +0200, Lukas Slebodnik wrote: > On (22/05/17 06:51), Joakim Tjernlund wrote: > > On Fri, 2017-05-19 at 16:59 +0200, Lukas Slebodnik wrote: > > > On (19/05/17 14:41), Joakim Tjernlund wrote: > > > > On Fri, 2017-05-19 at 16:34 +0200, Lukas Slebodnik wrote: > > > > > On (19/05/17 14:07), Joakim Tjernlund wrote: > > > > > > Will do over the week end > > > > > > > > > > > > > > > > > > > > Please also provide an output of following command > > > > > > > rpm -V sssd-common sssd-krb5-common > > > > > > > > > > > > That is a bit hard as this is Gentoo :) > > > > > > > > > > Ahh sorry; > > > > > > > > > > I cannot see 1.15.2 in portage. > > > > > Which arguments did you pass to configure? > > > > > > > > Sending the ebuilds I use, made by myself as upstream is lagging behind. > > > > > > > > > > Logging to journald is not enabled enabled. So I do not think > > > you fwill find anything in journald :-) > > > > > > sssd is not compiled with non-privileged user therefore > > > it should not cause problems. > > > > > > We will not be able to move it forward without > > > *child log files. > > > > > > LS > > > > Hi again > > > > Got some *child logs now. Can you make something of these? > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [main] (0x0400): > > ldap_child started. > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [main] (0x2000): > > context initialized > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unpack_buffer] > > (0x1000): total buffer size: 49 > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unpack_buffer] > > (0x1000): realm_str size: 12 > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unpack_buffer] > > (0x1000): got realm_str: INFINERA.COM > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unpack_buffer] > > (0x1000): princ_str size: 13 > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unpack_buffer] > > (0x1000): got princ_str: GENTOO-LABBB$ > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unpack_buffer] > > (0x1000): keytab_name size: 0 > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unpack_buffer] > > (0x1000): lifetime: 86400 > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unpack_buffer] > > (0x0200): Will run as [0][0]. > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [privileged_krb5_setup] (0x2000): Kerberos context initialized > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [main] (0x2000): > > Kerberos context initialized > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [become_user] > > (0x0200): Trying to become user [0][0]. > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [become_user] > > (0x0200): Already user [0]. > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [main] (0x2000): > > Running as [0][0]. > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [main] (0x2000): > > getting TGT sync > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [ldap_child_get_tgt_sync] (0x2000): got realm_name: [INFINERA.COM] > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [ldap_child_get_tgt_sync] (0x0100): Principal name is: > > [GENTOO-LABBB$@INFINERA.COM] > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.430433: Getting > > initial credentials for GENTOO-LABBB$@INFINERA.COM > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.430585: Looked up > > etypes in keytab: des-cbc-crc, des, des-cbc-crc, aes128-cts, aes256-cts, > > rc4-hmac > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.430660: Sending > > request (203 bytes) to INFINERA.COM > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.430840: Resolving > > hostname se-dc01.infinera.com > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.431709: Sending > > initial UDP request to dgram 10.210.34.21:88 > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.432672: Received > > answer (266 bytes) from dgram 10.210.34.21:88 > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.432741: Response was > > not from master KDC > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.432786: Received > > error from KDC: -1765328359/Additional pre-authentication required > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.432851: Processing > > preauth types: 16, 15, 19, 2 > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.432880: Selected > > etype info: etype aes256-cts, salt > > "INFINERA.COMhostgentoo-labbb.infinera.com", params "" > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.432923: Retrieving > > GENTOO-LABBB$@INFINERA.COM from MEMORY:/etc/krb5.keytab (vno 0, enctype > > aes256-cts) with result: 0/Success > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.432960: AS key > > obtained for encrypted timestamp: aes256-cts/645C > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.433059: Encrypted > > timestamp (for 1495435577.276052): plain > > 301AA011180F32303137303532323036343631375AA1050203043654, encrypted > > 08B7186DAB549BD6AC8DCC76C9E88A5FB59619A42672B848C1CF6605E2AB5EFB54D0EDD8B8FC3D9BC154519791BD77F8938FBADEB6C9F65C > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.433087: Preauth > > module encrypted_timestamp (2) (real) returned: 0/Success > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.433103: Produced > > preauth for next request: 2 > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.433137: Sending > > request (283 bytes) to INFINERA.COM > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.433172: Resolving > > hostname se-dc01.infinera.com > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.433387: Sending > > initial UDP request to dgram 10.210.34.21:88 > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.434554: Received > > answer (96 bytes) from dgram 10.210.34.21:88 > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.434603: Response was > > not from master KDC > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.434624: Received > > error from KDC: -1765328332/Response too big for UDP, retry with TCP > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.434636: Request or > > response is too big for UDP; retrying with TCP > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.434647: Sending > > request (283 bytes) to INFINERA.COM (tcp only) > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.434665: Resolving > > hostname se-dc01.infinera.com > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.434807: Initiating > > TCP connection to stream 10.210.34.21:88 > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.435110: Sending TCP > > request to stream 10.210.34.21:88 > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.436061: Received > > answer (1543 bytes) from stream 10.210.34.21:88 > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.436086: Terminating > > TCP connection to stream 10.210.34.21:88 > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.436130: Response was > > not from master KDC > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.436166: Processing > > preauth types: 19 > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.436180: Selected > > etype info: etype aes256-cts, salt > > "INFINERA.COMhostgentoo-labbb.infinera.com", params "" > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.436191: Produced > > preauth for next request: (empty) > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.436204: AS key > > determined by preauth: aes256-cts/645C > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.436268: Decrypted AS > > reply; session key is: aes256-cts/00F2 > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.436287: FAST > > negotiation: unavailable > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [ldap_child_get_tgt_sync] (0x2000): credentials initialized > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [ldap_child_get_tgt_sync] (0x2000): keytab ccname: > > [FILE:/var/lib/sss/db/ccache_INFINERA.COM_wwO4jb] > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.436396: Initializing > > FILE:/var/lib/sss/db/ccache_INFINERA.COM_wwO4jb with default princ > > GENTOO-LABBB$@INFINERA.COM > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17650] 1495435574.436543: Storing > > GENTOO-LABBB$@INFINERA.COM -> krbtgt/infinera....@infinera.com in > > FILE:/var/lib/sss/db/ccache_INFINERA.COM_wwO4jb > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [ldap_child_get_tgt_sync] (0x2000): credentials stored > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset > > The time is not synchronised between client and server. > MIT krb5 can handle small offset. But I would highly recommends > to keep time in sync.
There is some time problem on and off but this has never been too much. I don't think this was the root problem here ? > > > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [ldap_child_get_tgt_sync] (0x2000): Renaming > > [/var/lib/sss/db/ccache_INFINERA.COM_wwO4jb] to > > [/var/lib/sss/db/ccache_INFINERA.COM] > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] > > [unique_filename_destructor] (0x2000): Unlinking > > [/var/lib/sss/db/ccache_INFINERA.COM_wwO4jb] > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [unlink_dbg] > > (0x2000): File already removed: [/var/lib/sss/db/ccache_INFINERA.COM_wwO4jb] > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [prepare_response] > > (0x0400): Building response for result [0] > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [pack_buffer] > > (0x2000): response size: 60 > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [pack_buffer] > > (0x1000): result [0] krberr [0] msgsize [40] msg > > [FILE:/var/lib/sss/db/ccache_INFINERA.COM] > > (Mon May 22 08:46:14 2017) [[sssd[ldap_child[17650]]]] [main] (0x0400): > > ldap_child completed successfully > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [main] (0x0400): > > krb5_child started. > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [unpack_buffer] > > (0x1000): total buffer size: [154] > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [unpack_buffer] > > (0x0100): cmd [248] uid [1001] gid [100] validate [true] enterprise > > principal [false] offline [false] UPN [jo...@infinera.com] > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [unpack_buffer] > > (0x0100): ccname: [FILE:/tmp/krb5cc_1001] old_ccname: > > [FILE:/tmp/krb5cc_1001] keytab: [/etc/krb5.keytab] > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [check_use_fast] > > (0x0100): Not using FAST. > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [switch_creds] > > (0x0200): Switch user to [1001][100]. > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired. > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [switch_creds] > > (0x0200): Switch user to [0][0]. > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1001] and > > is active and TGT is valid. > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [become_user] > > (0x0200): Trying to become user [1001][100]. > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [main] (0x2000): > > Running as [1001][100]. > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [k5c_setup] > > (0x2000): Running as [1001][100]. > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [set_lifetime_options] (0x0100): Renewable lifetime is set to [7d] > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [set_lifetime_options] (0x0100): Lifetime is set to [24h] > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [set_canonicalize_option] (0x0100): Canonicalization is set to [true] > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [main] (0x0400): > > Will perform ticket renewal > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [renew_tgt_child] > > (0x1000): Renewing a ticket > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17652] 1495435574.515585: Retrieving > > jo...@infinera.com -> krbtgt/infinera....@infinera.com from > > FILE:/tmp/krb5cc_1001 with result: 0/Success > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17652] 1495435574.515616: Get cred via > > TGT krbtgt/infinera....@infinera.com after requesting > > krbtgt/infinera....@infinera.com (canonicalize off) > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17652] 1495435574.515681: Generated > > subkey for TGS request: aes256-cts/2D54 > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17652] 1495435574.515747: etypes > > requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, > > camellia128-cts, camellia256-cts, des-cbc-crc, des, des-cbc-md4 > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17652] 1495435574.515862: Encoding > > request body and padata into FAST request > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17652] 1495435574.515973: Sending > > request (1901 bytes) to INFINERA.COM > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17652] 1495435574.516194: Resolving > > hostname se-dc01.infinera.com > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17652] 1495435574.516448: Initiating > > TCP connection to stream 10.210.34.21:88 > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17652] 1495435574.516778: Sending TCP > > request to stream 10.210.34.21:88 > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17652] 1495435574.517190: Received > > answer (123 bytes) from stream 10.210.34.21:88 > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17652] 1495435574.517203: Terminating > > TCP connection to stream 10.210.34.21:88 > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17652] 1495435574.517247: Response was > > not from master KDC > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [sss_child_krb5_trace_cb] (0x4000): [17652] 1495435574.517270: Got cred; > > -1765328352/Ticket expired > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [map_krb5_error] > > (0x0020): 1643: [-1765328352][Ticket expired] > > Renewing of a ticket failed because it is already expired. > Maybe due to time shift between client and server(KDC) Yes, it is expired to begin with. I got a ticket, then suspended the computer long enough for the ticket to expire(10 hours here) and then woke up and unlocked the screen. The problem is that sssd never tries to get a new ticket using my creds I gave when unlocking. Even if I do several lock/unlocks after the network is restored, sssd will not get me a new ticket. > > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [k5c_send_data] > > (0x0200): Received error code 1432158229 > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] > > [pack_response_packet] (0x2000): response packet size: [4] > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [k5c_send_data] > > (0x4000): Response sent. > > (Mon May 22 08:46:14 2017) [[sssd[krb5_child[17652]]]] [main] (0x0400): > > krb5_child completed successfully > > There were 5 more attempts to renew tickets within a second. > 4 of them failed due to expired ticket. And the last one failed > due to offline mode. > > > Few seconds later (7) user was authenticated in offline mode. > > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [main] (0x0400): > > krb5_child started. > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [unpack_buffer] > > (0x1000): total buffer size: [141] > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [unpack_buffer] > > (0x0100): cmd [241] uid [1001] gid [100] validate [true] enterprise > > principal [false] offline [true] UPN [jo...@infinera.com] > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [unpack_buffer] > > (0x0100): ccname: [FILE:/tmp/krb5cc_1001] old_ccname: > > [FILE:/tmp/krb5cc_1001] keytab: [/etc/krb5.keytab] > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [check_use_fast] > > (0x0100): Not using FAST. > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [switch_creds] > > (0x0200): Switch user to [1001][100]. > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] > > [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired. > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [switch_creds] > > (0x0200): Switch user to [0][0]. > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] > > [k5c_check_old_ccache] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1001] and > > is active and TGT is valid. > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] > > [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [become_user] > > (0x0200): Trying to become user [1001][100]. > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [main] (0x2000): > > Running as [1001][100]. > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [become_user] > > (0x0200): Trying to become user [1001][100]. > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [become_user] > > (0x0200): Already user [1001]. > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [k5c_setup] > > (0x2000): Running as [1001][100]. > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] > > [set_lifetime_options] (0x0100): Renewable lifetime is set to [7d] > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] > > [set_lifetime_options] (0x0100): Lifetime is set to [24h] > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [main] (0x0400): > > Will perform offline auth > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] > > [create_empty_ccache] (0x1000): Existing ccache still valid, reusing > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [k5c_send_data] > > (0x0200): Received error code 0 > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] > > [pack_response_packet] (0x2000): response packet size: [45] > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [k5c_send_data] > > (0x4000): Response sent. > > (Mon May 22 08:46:21 2017) [[sssd[krb5_child[17694]]]] [main] (0x0400): > > krb5_child completed successfully > > LS > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
