#1921 Login failure: Enterprise Principal enabled by default for AD Provider
Closed: Fixed None Opened 5 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 961278

Created attachment 745610
/var/log/sssd/krb5_child.log

Description of problem:
Login failure: Enterprise Principal enabled by default for AD Provider

Version-Release number of selected component (if applicable):
1.10.0-5

How reproducible:
Always

Steps to Reproduce:
1. Using realmd, add the client to an AD Server.

2. Try to login.
$ ssh -l 'SSSDAD\tuser1' localhost
SSSDAD\tuser1@localhost's password:
Permission denied, please try again.
SSSDAD\tuser1@localhost's password:
Permission denied, please try again.
SSSDAD\tuser1@localhost's password:


Actual results:
Login fails.

krb5_child.log shows:
(Thu May  9 06:32:33 2013) [[sssd[krb5_child[6930]]]] [sss_child_krb5_trace_cb]
(0x4000): [6930] 1368095553.283185: Initializing MEMORY:I4Prq7V with default
princ tuser1\@SSSDAD.COM@SSSDAD.COM

(Thu May  9 06:32:33 2013) [[sssd[krb5_child[6930]]]] [sss_child_krb5_trace_cb]
(0x4000): [6930] 1368095553.283363: Removing tuser1\@SSSDAD.COM@SSSDAD.COM ->
krbtgt/SSSDAD.COM@SSSDAD.COM from MEMORY:I4Prq7V

(Thu May  9 06:32:33 2013) [[sssd[krb5_child[6930]]]] [sss_child_krb5_trace_cb]
(0x4000): [6930] 1368095553.283525: Storing tuser1\@SSSDAD.COM@SSSDAD.COM ->
krbtgt/SSSDAD.COM@SSSDAD.COM in MEMORY:I4Prq7V

(Thu May  9 06:32:33 2013) [[sssd[krb5_child[6930]]]] [sss_child_krb5_trace_cb]
(0x4000): [6930] 1368095553.283722: Getting credentials
tuser1\@SSSDAD.COM@SSSDAD.COM -> host/dhcp207-114.sssdad.com@SSSDAD.COM using
ccache MEMORY:I4Prq7V

(Thu May  9 06:32:33 2013) [[sssd[krb5_child[6930]]]] [sss_child_krb5_trace_cb]
(0x4000): [6930] 1368095553.283964: Retrieving tuser1\@SSSDAD.COM@SSSDAD.COM ->
host/dhcp207-114.sssdad.com@SSSDAD.COM from MEMORY:I4Prq7V with result:
-1765328243/Matching credential not found



Expected results:
Login should work.

Additional info:
Refer to the attached krb5_child.log

Fields changed

blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => sbose
review: True => 0
selected: =>
testsupdated: => 0

Fields changed

patch: 0 => 1

milestone: NEEDS_TRIAGE => SSSD 1.10 beta
resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.10 beta

2 years ago

Login to comment on this ticket.

Metadata