API tools faq
paste
Advertisement
Guest User

sssd krb5 debug9

a guest
Apr 14th, 2015
380
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 32.37 KB | None | 0 0
raw download clone embed print report
  1. [root@galaxy sssd]# /usr/sbin/sssd -d9 -i 2>&1 | grep krb
  2. (Tue Apr 14 19:06:31 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_keytab has no value
  3. (Tue Apr 14 19:06:31 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_realm has no value
  4. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option ldap_krb5_keytab has no value
  5. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option ldap_krb5_init_creds is TRUE
  6. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_server has no value
  7. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_backup_server has no value
  8. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_realm has no value
  9. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_canonicalize is FALSE
  10. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_use_kdcinfo is FALSE
  11. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option ldap_krb5_ticket_lifetime has value 86400
  12. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [sdap_get_map] (0x0400): Option ldap_user_krb_last_pwd_change has no value
  13. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [sdap_get_map] (0x0400): Option ldap_user_krb_password_expiration has no value
  14. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [ad_set_ad_id_options] (0x0100): Option krb5_realm set to ENSKEDE.LOCAL
  15. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_server has no value
  16. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_backup_server has no value
  17. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_realm has no value
  18. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_ccachedir has value /tmp
  19. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_ccname_template has no value
  20. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_auth_timeout has value 6
  21. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_keytab has value /etc/krb5.keytab
  22. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_validate is TRUE
  23. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_kpasswd has no value
  24. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_backup_kpasswd has no value
  25. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_store_password_if_offline is TRUE
  26. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_renewable_lifetime has no value
  27. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_lifetime has no value
  28. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_renew_interval has no value
  29. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_use_fast has no value
  30. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_fast_principal has no value
  31. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_canonicalize is FALSE
  32. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_use_enterprise_principal is TRUE
  33. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_get_options] (0x0400): Option krb5_use_kdcinfo is FALSE
  34. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [ad_get_auth_options] (0x0100): Option krb5_server set to (null)
  35. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [ad_get_auth_options] (0x0100): Option krb5_realm set to ENSKEDE.LOCAL
  36. (Tue Apr 14 19:06:32 2015) [sssd[be[ENSKEDE.LOCAL]]] [ad_get_auth_options] (0x0100): Option krb5_use_kdcinfo set to false
  37. (Tue Apr 14 19:06:33 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_copy_options_ex] (0x0400): Option krb5_keytab has no value
  38. (Tue Apr 14 19:06:33 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_copy_options_ex] (0x0400): Option krb5_realm has value ENSKEDE.LOCAL
  39. (Tue Apr 14 19:06:33 2015) [sssd[be[ENSKEDE.LOCAL]]] [sss_write_domain_mappings] (0x0200): Mapping file for domain [ENSKEDE.LOCAL] is [/var/lib/sss/pubconf/krb5.include.d/domain_realm_ENSKEDE_LOCAL]
  40. (Tue Apr 14 19:06:33 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_copy_options_ex] (0x0400): Option krb5_keytab has no value
  41. (Tue Apr 14 19:06:33 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_copy_options_ex] (0x0400): Option krb5_realm has no value
  42. (Tue Apr 14 19:06:33 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_copy_options_ex] (0x0400): Option ldap_krb5_keytab has no value
  43. (Tue Apr 14 19:06:33 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_copy_options_ex] (0x0400): Option ldap_krb5_init_creds is TRUE
  44. (Tue Apr 14 19:06:33 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_copy_options_ex] (0x0400): Option krb5_server has no value
  45. (Tue Apr 14 19:06:33 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_copy_options_ex] (0x0400): Option krb5_backup_server has no value
  46. (Tue Apr 14 19:06:33 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_copy_options_ex] (0x0400): Option krb5_realm has no value
  47. (Tue Apr 14 19:06:33 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_copy_options_ex] (0x0400): Option krb5_canonicalize is FALSE
  48. (Tue Apr 14 19:06:33 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_copy_options_ex] (0x0400): Option krb5_use_kdcinfo is TRUE
  49. (Tue Apr 14 19:06:33 2015) [sssd[be[ENSKEDE.LOCAL]]] [dp_copy_options_ex] (0x0400): Option ldap_krb5_ticket_lifetime has value 86400
  50. (Tue Apr 14 19:06:33 2015) [sssd[be[ENSKEDE.LOCAL]]] [sdap_copy_map] (0x0400): Option ldap_user_krb_last_pwd_change has no value
  51. (Tue Apr 14 19:06:33 2015) [sssd[be[ENSKEDE.LOCAL]]] [sdap_copy_map] (0x0400): Option ldap_user_krb_password_expiration has no value
  52. (Tue Apr 14 19:06:33 2015) [sssd[be[ENSKEDE.LOCAL]]] [ad_set_ad_id_options] (0x0100): Option krb5_realm set to ENSKEDE.LOCAL
  53. (Tue Apr 14 19:06:34 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031194.866344: Getting initial credentials for GALAXY$@ENSKEDE.LOCAL
  54. (Tue Apr 14 19:06:34 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031194.872209: Looked up etypes in keytab: des-cbc-crc, des, des-cbc-crc, aes128-cts, aes256-cts, rc4-hmac
  55. (Tue Apr 14 19:06:34 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031194.873696: Sending request (203 bytes) to ENSKEDE.LOCAL
  56. (Tue Apr 14 19:06:34 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031194.914234: Resolving hostname enskedead02.enskede.local.
  57. (Tue Apr 14 19:06:34 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031194.939720: Sending initial UDP request to dgram 10.77.20.100:88
  58. (Tue Apr 14 19:06:34 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031194.956081: Received answer from dgram 10.77.20.100:88
  59. (Tue Apr 14 19:06:34 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031194.992705: Response was not from master KDC
  60. (Tue Apr 14 19:06:34 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031194.995261: Received error from KDC: -1765328359/Additional pre-authentication required
  61. (Tue Apr 14 19:06:34 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031194.997181: Processing preauth types: 16, 15, 19, 2
  62. (Tue Apr 14 19:06:34 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031194.998113: Selected etype info: etype aes256-cts, salt "ENSKEDE.LOCALhostgalaxy.enskede.local", params ""
  63. (Tue Apr 14 19:06:35 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031195.885: Retrieving GALAXY$@ENSKEDE.LOCAL from FILE:/etc/krb5.keytab (vno 0, enctype aes256-cts) with result: 0/Success
  64. (Tue Apr 14 19:06:35 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031195.2039: AS key obtained for encrypted timestamp: aes256-cts/9498
  65. (Tue Apr 14 19:06:35 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031195.5400: Encrypted timestamp (for 1429031195.2844): plain 3019A011180F32303135303431343137303633355AA10402020B1C, encrypted AEA2788D00A923692A6D7AB1F9F0B8D8C385B0E4F01D9EA40A796DA0E761E7EDC63427BA00CF50F44F2C03685D8A2B1A464DFEB58EFBE9
  66. (Tue Apr 14 19:06:35 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031195.6429: Preauth module encrypted_timestamp (2) (flags=1) returned: 0/Success
  67. (Tue Apr 14 19:06:35 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031195.7749: Produced preauth for next request: 2
  68. (Tue Apr 14 19:06:35 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031195.8519: Sending request (282 bytes) to ENSKEDE.LOCAL
  69. (Tue Apr 14 19:06:35 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031195.66105: Resolving hostname enskedead01.enskede.local.
  70. (Tue Apr 14 19:06:35 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031195.79157: Sending initial UDP request to dgram 10.77.20.50:88
  71. (Tue Apr 14 19:06:35 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031195.110050: Received answer from dgram 10.77.20.50:88
  72. (Tue Apr 14 19:06:35 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031195.120280: Response was not from master KDC
  73. (Tue Apr 14 19:06:35 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031195.123174: Processing preauth types: 19
  74. (Tue Apr 14 19:06:35 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031195.124278: Selected etype info: etype aes256-cts, salt "ENSKEDE.LOCALhostgalaxy.enskede.local", params ""
  75. (Tue Apr 14 19:06:35 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031195.126111: Produced preauth for next request: (empty)
  76. (Tue Apr 14 19:06:35 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031195.128665: AS key determined by preauth: aes256-cts/9498
  77. (Tue Apr 14 19:06:35 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031195.133145: Decrypted AS reply; session key is: rc4-hmac/4EC7
  78. (Tue Apr 14 19:06:35 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): (Tue Apr 14 19:06:35 2015) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[25324].
  79. (Tue Apr 14 19:06:35 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): (Tue Apr 14 19:06:35 2015) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1e0fb00][18]
  80. (Tue Apr 14 19:06:37 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031197.908643: Removing GALAXY$@ENSKEDE.LOCAL -> krbtgt/ENSKEDE.LOCAL@ENSKEDE.LOCAL from FILE:/var/lib/sss/db/ccache_ENSKEDE.LOCAL_Z7k1g8
  81. (Tue Apr 14 19:06:37 2015) [[sssd[ldap_child[25326]]]] [sss_child_krb5_trace_cb] (0x4000): [25326] 1429031197.909503: Storing GALAXY$@ENSKEDE.LOCAL -> krbtgt/ENSKEDE.LOCAL@ENSKEDE.LOCAL in FILE:/var/lib/sss/db/ccache_ENSKEDE.LOCAL_Z7k1g8
  82. (Tue Apr 14 19:06:37 2015) [[sssd[ldap_child[25326]]]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [41] msg [FILE:/var/lib/sss/db/ccache_ENSKEDE.LOCAL]
  83. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.130827: Getting initial credentials for GALAXY$@ENSKEDE.LOCAL
  84. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.136313: Looked up etypes in keytab: des-cbc-crc, des, des-cbc-crc, aes128-cts, aes256-cts, rc4-hmac
  85. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.137679: Sending request (203 bytes) to ENSKEDE.LOCAL
  86. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.157031: Resolving hostname enskedead02.enskede.local.
  87. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.183199: Sending initial UDP request to dgram 10.77.20.100:88
  88. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.203521: Received answer from dgram 10.77.20.100:88
  89. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.212337: Response was not from master KDC
  90. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.213458: Received error from KDC: -1765328359/Additional pre-authentication required
  91. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.215047: Processing preauth types: 16, 15, 19, 2
  92. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.215691: Selected etype info: etype aes256-cts, salt "ENSKEDE.LOCALhostgalaxy.enskede.local", params ""
  93. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.219934: Retrieving GALAXY$@ENSKEDE.LOCAL from FILE:/etc/krb5.keytab (vno 0, enctype aes256-cts) with result: 0/Success
  94. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.220923: AS key obtained for encrypted timestamp: aes256-cts/9498
  95. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.222683: Encrypted timestamp (for 1429031199.221311): plain 301AA011180F32303135303431343137303633395AA105020303607F, encrypted F911DE27C62B77439C73DCE3F2C17E169E76C7DBB42CEF1987E8BD1175D368A5ADEBADC78E9EF3B1A90B8EC63261E753DAA9E3F3DD514387
  96. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.224933: Preauth module encrypted_timestamp (2) (flags=1) returned: 0/Success
  97. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.225362: Produced preauth for next request: 2
  98. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.226098: Sending request (283 bytes) to ENSKEDE.LOCAL
  99. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.242056: Resolving hostname enskedead01.enskede.local.
  100. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.252341: Sending initial UDP request to dgram 10.77.20.50:88
  101. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.270100: Received answer from dgram 10.77.20.50:88
  102. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.280828: Response was not from master KDC
  103. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.282450: Processing preauth types: 19
  104. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.287009: Selected etype info: etype aes256-cts, salt "ENSKEDE.LOCALhostgalaxy.enskede.local", params ""
  105. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.288068: Produced preauth for next request: (empty)
  106. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.290622: AS key determined by preauth: aes256-cts/9498
  107. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.296725: Decrypted AS reply; session key is: rc4-hmac/44AE
  108. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.297615: FAST negotiation: unavailable
  109. (Tue Apr 14 19:06:39 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031199.303709: Initializing FILE:/var/lib/sss/db/ccache_ENSKEDE.LOCAL_q6PwJn with default princ GALAXY$@ENSKEDE.LOCAL
  110. (Tue Apr 14 19:06:42 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031202.109321: Removing GALAXY$@ENSKEDE.LOCAL -> krbtgt/ENSKEDE.LOCAL@ENSKEDE.LOCAL from FILE:/var/lib/sss/db/ccache_ENSKEDE.LOCAL_q6PwJn
  111. (Tue Apr 14 19:06:42 2015) [[sssd[ldap_child[25328]]]] [sss_child_krb5_trace_cb] (0x4000): [25328] 1429031202.111110: Storing GALAXY$@ENSKEDE.LOCAL -> krbtgt/ENSKEDE.LOCAL@ENSKEDE.LOCAL in FILE:/var/lib/sss/db/ccache_ENSKEDE.LOCAL_q6PwJn
  112. (Tue Apr 14 19:06:42 2015) [[sssd[ldap_child[25328]]]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [41] msg [FILE:/var/lib/sss/db/ccache_ENSKEDE.LOCAL]
  113. (Tue Apr 14 19:06:42 2015) [sssd[be[ENSKEDE.LOCAL]]] [sdap_attrs_add_ldap_attr] (0x2000): krbLastPwdChange is not available for [ola].
  114. (Tue Apr 14 19:06:42 2015) [sssd[be[ENSKEDE.LOCAL]]] [sdap_attrs_add_ldap_attr] (0x2000): krbPasswordExpiration is not available for [ola].
  115. (Tue Apr 14 19:06:42 2015) [sssd[be[ENSKEDE.LOCAL]]] [krb5_pam_handler] (0x1000): Wait queue of user [ola] is empty, running request immediately.
  116. (Tue Apr 14 19:06:42 2015) [sssd[be[ENSKEDE.LOCAL]]] [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
  117. (Tue Apr 14 19:06:42 2015) [sssd[be[ENSKEDE.LOCAL]]] [krb5_auth_send] (0x4000): Ccache_file is [KEYRING:persistent:11103] and is active and TGT is valid.
  118. (Tue Apr 14 19:06:42 2015) [[sssd[krb5_child[25336]]]] [main] (0x0400): krb5_child started.
  119. (Tue Apr 14 19:06:42 2015) [[sssd[krb5_child[25336]]]] [unpack_buffer] (0x1000): total buffer size: [117]
  120. (Tue Apr 14 19:06:42 2015) [[sssd[krb5_child[25336]]]] [unpack_buffer] (0x0100): cmd [241] uid [11103] gid [11116] validate [true] enterprise principal [true] offline [false] UPN [ola@ENSKEDE.LOCAL]
  121. (Tue Apr 14 19:06:42 2015) [[sssd[krb5_child[25336]]]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:11103] keytab: [/etc/krb5.keytab]
  122. (Tue Apr 14 19:06:42 2015) [[sssd[krb5_child[25336]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
  123. (Tue Apr 14 19:06:42 2015) [[sssd[krb5_child[25336]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
  124. (Tue Apr 14 19:06:42 2015) [[sssd[krb5_child[25336]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
  125. (Tue Apr 14 19:06:42 2015) [[sssd[krb5_child[25336]]]] [k5c_setup] (0x0100): Not using FAST.
  126. (Tue Apr 14 19:06:42 2015) [[sssd[krb5_child[25336]]]] [main] (0x0400): Will perform online auth
  127. (Tue Apr 14 19:06:42 2015) [[sssd[krb5_child[25336]]]] [tgt_req_child] (0x1000): Attempting to get a TGT
  128. (Tue Apr 14 19:06:42 2015) [[sssd[krb5_child[25336]]]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [ENSKEDE.LOCAL]
  129. (Tue Apr 14 19:06:42 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031202.960879: Getting initial credentials for ola\@ENSKEDE.LOCAL@ENSKEDE.LOCAL
  130. (Tue Apr 14 19:06:42 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031202.965660: Sending request (213 bytes) to ENSKEDE.LOCAL
  131. (Tue Apr 14 19:06:42 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031202.996409: Resolving hostname enskedead02.enskede.local.
  132. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.18434: Sending initial UDP request to dgram 10.77.20.100:88
  133. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.32510: Received answer from dgram 10.77.20.100:88
  134. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.43163: Response was not from master KDC
  135. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.44363: Received error from KDC: -1765328359/Additional pre-authentication required
  136. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.46110: Processing preauth types: 16, 15, 19, 2
  137. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.47308: Selected etype info: etype aes256-cts, salt "ENSKEDE.LOCALola", params ""
  138. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.423160: AS key obtained for encrypted timestamp: aes256-cts/3237
  139. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.426186: Encrypted timestamp (for 1429031203.424817): plain 301AA011180F32303135303431343137303634335AA1050203067B71, encrypted AB4F7C428F484A8BE90D8C9ECC12BA21C0E26FAA8D0F65B123D31A61AB1E606865E5DEB768E278A485F031A35EA9BCA04ED3AD024D8F36DC
  140. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.427247: Preauth module encrypted_timestamp (2) (flags=1) returned: 0/Success
  141. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.428317: Produced preauth for next request: 2
  142. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.429384: Sending request (293 bytes) to ENSKEDE.LOCAL
  143. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.452375: Resolving hostname enskedead02.enskede.local.
  144. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.503483: Sending initial UDP request to dgram 10.77.20.100:88
  145. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.523111: Received answer from dgram 10.77.20.100:88
  146. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.533241: Response was not from master KDC
  147. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.537891: Processing preauth types: 19
  148. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.538952: Selected etype info: etype aes256-cts, salt "ENSKEDE.LOCALola", params ""
  149. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.540790: Produced preauth for next request: (empty)
  150. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.541386: AS key determined by preauth: aes256-cts/3237
  151. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.543386: Decrypted AS reply; session key is: rc4-hmac/0228
  152. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.544371: FAST negotiation: unavailable
  153. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_krb5_expire_callback_func] (0x2000): exp_time: [707478082]
  154. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential.
  155. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.561473: Retrieving host/galaxy.enskede.local@ENSKEDE.LOCAL from FILE:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success
  156. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.562287: Resolving unique ccache of type MEMORY
  157. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.563310: Initializing MEMORY:54envuK with default princ ola@ENSKEDE.LOCAL
  158. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.564927: Removing ola@ENSKEDE.LOCAL -> krbtgt/ENSKEDE.LOCAL@ENSKEDE.LOCAL from MEMORY:54envuK
  159. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.568343: Storing ola@ENSKEDE.LOCAL -> krbtgt/ENSKEDE.LOCAL@ENSKEDE.LOCAL in MEMORY:54envuK
  160. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.571073: Getting credentials ola@ENSKEDE.LOCAL -> host/galaxy.enskede.local@ENSKEDE.LOCAL using ccache MEMORY:54envuK
  161. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.572393: Retrieving ola@ENSKEDE.LOCAL -> host/galaxy.enskede.local@ENSKEDE.LOCAL from MEMORY:54envuK with result: -1765328243/Matching credential not found
  162. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.573505: Retrieving ola@ENSKEDE.LOCAL -> krbtgt/ENSKEDE.LOCAL@ENSKEDE.LOCAL from MEMORY:54envuK with result: 0/Success
  163. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.574313: Found cached TGT for service realm: ola@ENSKEDE.LOCAL -> krbtgt/ENSKEDE.LOCAL@ENSKEDE.LOCAL
  164. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.575166: Requesting tickets for host/galaxy.enskede.local@ENSKEDE.LOCAL, referrals on
  165. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.576744: Generated subkey for TGS request: rc4-hmac/576F
  166. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.577505: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac
  167. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.579726: Sending request (1394 bytes) to ENSKEDE.LOCAL
  168. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.606848: Resolving hostname enskedead01.enskede.local.
  169. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.620784: Sending initial UDP request to dgram 10.77.20.50:88
  170. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.645968: Received answer from dgram 10.77.20.50:88
  171. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.656026: Response was not from master KDC
  172. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.658111: TGS reply is for ola@ENSKEDE.LOCAL -> host/galaxy.enskede.local@ENSKEDE.LOCAL with session key rc4-hmac/807B
  173. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.659220: TGS request result: 0/Success
  174. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.661100: Received creds for desired service host/galaxy.enskede.local@ENSKEDE.LOCAL
  175. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.661612: Removing ola@ENSKEDE.LOCAL -> host/galaxy.enskede.local@ENSKEDE.LOCAL from MEMORY:54envuK
  176. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.661995: Storing ola@ENSKEDE.LOCAL -> host/galaxy.enskede.local@ENSKEDE.LOCAL in MEMORY:54envuK
  177. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.664249: Creating authenticator for ola@ENSKEDE.LOCAL -> host/galaxy.enskede.local@ENSKEDE.LOCAL, seqnum 0, subkey (null, session key rc4-hmac/807B
  178. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.666677: Retrieving host/galaxy.enskede.local@ENSKEDE.LOCAL from FILE:/etc/krb5.keytab (vno 6, enctype rc4-hmac) with result: 0/Success
  179. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.677884: Decrypted AP-REQ with specified server principal host/galaxy.enskede.local@ENSKEDE.LOCAL: rc4-hmac/8257
  180. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.680258: AP-REQ ticket: ola@ENSKEDE.LOCAL -> host/galaxy.enskede.local@ENSKEDE.LOCAL, session key rc4-hmac/807B
  181. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.695992: Negotiated enctype based on authenticator: rc4-hmac
  182. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.698975: Initializing MEMORY:rd_req2 with default princ ola@ENSKEDE.LOCAL
  183. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.700045: Removing ola@ENSKEDE.LOCAL -> host/galaxy.enskede.local@ENSKEDE.LOCAL from MEMORY:rd_req2
  184. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.700641: Storing ola@ENSKEDE.LOCAL -> host/galaxy.enskede.local@ENSKEDE.LOCAL in MEMORY:rd_req2
  185. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.701660: Destroying ccache MEMORY:54envuK
  186. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [validate_tgt] (0x0400): TGT verified using key for [host/galaxy.enskede.local@ENSKEDE.LOCAL].
  187. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.729692: Retrieving ola@ENSKEDE.LOCAL -> host/galaxy.enskede.local@ENSKEDE.LOCAL from MEMORY:rd_req2 with result: 0/Success
  188. (Tue Apr 14 19:06:43 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031203.736511: Retrieving host/galaxy.enskede.local@ENSKEDE.LOCAL from FILE:/etc/krb5.keytab (vno 6, enctype rc4-hmac) with result: 0/Success
  189. (Tue Apr 14 19:06:44 2015) [[sssd[krb5_child[25336]]]] [sss_child_krb5_trace_cb] (0x4000): [25336] 1429031204.407997: Destroying ccache MEMORY:rd_req2
  190. (Tue Apr 14 19:06:44 2015) [[sssd[krb5_child[25336]]]] [become_user] (0x0200): Trying to become user [11103][11116].
  191. (Tue Apr 14 19:06:44 2015) [[sssd[krb5_child[25336]]]] [sss_get_ccache_name_for_principal] (0x4000): Location: [KEYRING:persistent:11103]
  192. (Tue Apr 14 19:06:44 2015) [[sssd[krb5_child[25336]]]] [sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal ola@ENSKEDE.LOCAL in cache collection]
  193. (Tue Apr 14 19:06:44 2015) [[sssd[krb5_child[25336]]]] [create_ccache] (0x4000): Initializing ccache of type [KEYRING]
  194. (Tue Apr 14 19:06:44 2015) [[sssd[krb5_child[25336]]]] [k5c_send_data] (0x0200): Received error code 0
  195. (Tue Apr 14 19:06:44 2015) [[sssd[krb5_child[25336]]]] [pack_response_packet] (0x2000): response packet size: [130]
  196. (Tue Apr 14 19:06:44 2015) [[sssd[krb5_child[25336]]]] [k5c_send_data] (0x4000): Response sent.
  197. (Tue Apr 14 19:06:44 2015) [[sssd[krb5_child[25336]]]] [main] (0x0400): krb5_child completed successfully
  198. (Tue Apr 14 19:06:44 2015) [sssd[be[ENSKEDE.LOCAL]]] [parse_krb5_child_response] (0x1000): child response [0][3][36].
  199. (Tue Apr 14 19:06:44 2015) [sssd[be[ENSKEDE.LOCAL]]] [parse_krb5_child_response] (0x1000): child response [0][-1073741822][18].
  200. (Tue Apr 14 19:06:44 2015) [sssd[be[ENSKEDE.LOCAL]]] [parse_krb5_child_response] (0x1000): child response [0][-1073741823][32].
  201. (Tue Apr 14 19:06:44 2015) [sssd[be[ENSKEDE.LOCAL]]] [parse_krb5_child_response] (0x1000): TGT times are [1429031203][1429031202][1429067203][1429636002].
  202. (Tue Apr 14 19:06:44 2015) [sssd[be[ENSKEDE.LOCAL]]] [parse_krb5_child_response] (0x1000): child response [0][6][8].
  203. (Tue Apr 14 19:06:44 2015) [sssd[be[ENSKEDE.LOCAL]]] [sss_krb5_check_ccache_princ] (0x2000): Searching for [ola@ENSKEDE.LOCAL] in cache of type [KEYRING]
  204. (Tue Apr 14 19:06:44 2015) [sssd[be[ENSKEDE.LOCAL]]] [krb5_mod_ccname] (0x4000): Save ccname [KEYRING:persistent:11103] for user [ola].
  205. (Tue Apr 14 19:06:50 2015) [sssd[be[ENSKEDE.LOCAL]]] [sdap_attrs_add_ldap_attr] (0x2000): krbLastPwdChange is not available for [ola].
  206. (Tue Apr 14 19:06:50 2015) [sssd[be[ENSKEDE.LOCAL]]] [sdap_attrs_add_ldap_attr] (0x2000): krbPasswordExpiration is not available for [ola].
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!