#1921 Login failure: Enterprise Principal enabled by default for AD Provider
Closed: Fixed None Opened 7 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 961278

Created attachment 745610
/var/log/sssd/krb5_child.log

Description of problem:
Login failure: Enterprise Principal enabled by default for AD Provider

Version-Release number of selected component (if applicable):
1.10.0-5

How reproducible:
Always

Steps to Reproduce:
1. Using realmd, add the client to an AD Server.

2. Try to login.
$ ssh -l 'SSSDAD\tuser1' localhost
SSSDAD\tuser1@localhost's password:
Permission denied, please try again.
SSSDAD\tuser1@localhost's password:
Permission denied, please try again.
SSSDAD\tuser1@localhost's password:


Actual results:
Login fails.

krb5_child.log shows:
(Thu May  9 06:32:33 2013) [[sssd[krb5_child[6930]]]] [sss_child_krb5_trace_cb]
(0x4000): [6930] 1368095553.283185: Initializing MEMORY:I4Prq7V with default
princ tuser1\@SSSDAD.COM@SSSDAD.COM

(Thu May  9 06:32:33 2013) [[sssd[krb5_child[6930]]]] [sss_child_krb5_trace_cb]
(0x4000): [6930] 1368095553.283363: Removing tuser1\@SSSDAD.COM@SSSDAD.COM ->
krbtgt/SSSDAD.COM@SSSDAD.COM from MEMORY:I4Prq7V

(Thu May  9 06:32:33 2013) [[sssd[krb5_child[6930]]]] [sss_child_krb5_trace_cb]
(0x4000): [6930] 1368095553.283525: Storing tuser1\@SSSDAD.COM@SSSDAD.COM ->
krbtgt/SSSDAD.COM@SSSDAD.COM in MEMORY:I4Prq7V

(Thu May  9 06:32:33 2013) [[sssd[krb5_child[6930]]]] [sss_child_krb5_trace_cb]
(0x4000): [6930] 1368095553.283722: Getting credentials
tuser1\@SSSDAD.COM@SSSDAD.COM -> host/dhcp207-114.sssdad.com@SSSDAD.COM using
ccache MEMORY:I4Prq7V

(Thu May  9 06:32:33 2013) [[sssd[krb5_child[6930]]]] [sss_child_krb5_trace_cb]
(0x4000): [6930] 1368095553.283964: Retrieving tuser1\@SSSDAD.COM@SSSDAD.COM ->
host/dhcp207-114.sssdad.com@SSSDAD.COM from MEMORY:I4Prq7V with result:
-1765328243/Matching credential not found



Expected results:
Login should work.

Additional info:
Refer to the attached krb5_child.log

Fields changed

blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => sbose
review: True => 0
selected: =>
testsupdated: => 0

Fields changed

patch: 0 => 1

milestone: NEEDS_TRIAGE => SSSD 1.10 beta
resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.10 beta

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2963

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata