On (22/05/17 14:53), Joakim Tjernlund wrote: >> The time is not synchronised between client and server. >> MIT krb5 can handle small offset. But I would highly recommends >> to keep time in sync. > >There is some time problem on and off but this has never been too much. I don't >think this was the root problem here ? >
As I already mention I would highly recommend to keep time in sync. It will reduce possible errors. Configure ntpd/chrony on client and server is not a rocket science :-) >> Renewing of a ticket failed because it is already expired. >> Maybe due to time shift between client and server(KDC) > >Yes, it is expired to begin with. I got a ticket, then suspended the computer >long enough for >the ticket to expire(10 hours here) and then woke up and unlocked the screen. >The problem is that sssd never tries to get a new ticket using my creds I gave >when unlocking. >Even if I do several lock/unlocks after the network is restored, sssd will not >get me a new ticket. > sssd would get new ticket if it was in online mode. But it offline mode. I would highly recommend to keep time in sync with server and then debug why sssd was in offline mode. Or why it went to offline mode. With 1.15 you can use sssctl e.g. sssctl domain-status example.com Online status: Online Active servers: KPASSWD: not connected KERBEROS: not connected LDAP: ldap.abc.example.com Discovered KPASSWD servers: - kerberos.abc.example.com Discovered KERBEROS servers: - kerberos.abc.example.com Discovered LDAP servers: - ldap.abc.example.com - ldap.corp.example.com LS _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org