On Thu, Jul 27, 2017 at 02:34:06AM -0400, Alexandre Pitre via FreeIPA-users wrote:
> I uploaded krb5_child.log and ldap_child.log to
> https://1drv.ms/f/s!AlZwwyQE2ZZ5p2b5ROa15PBkAEQD

I think the child just times out during TGT validation, see:
(Thu Jul 27 06:01:20 2017) [[sssd[krb5_child[2765]]]] [sss_child_krb5_trace_cb] (0x4000): [2765] 1501135280.837647: Sending request (2132 bytes) to AD.COM
(Thu Jul 27 06:01:20 2017) [[sssd[krb5_child[2765]]]] [sss_child_krb5_trace_cb] (0x4000): [2765] 1501135280.838622: Resolving hostname RO1-INF-ADS-002.ad.com.
(Thu Jul 27 06:01:20 2017) [[sssd[krb5_child[2765]]]] [sss_child_krb5_trace_cb] (0x4000): [2765] 1501135280.839154: Sending initial UDP request to dgram 10.248.40.11:88
(Thu Jul 27 06:01:21 2017) [[sssd[krb5_child[2765]]]] [sss_child_krb5_trace_cb] (0x4000): [2765] 1501135281.840215: Resolving hostname ns1-inf-ads-001.ad.com.
(Thu Jul 27 06:01:21 2017) [[sssd[krb5_child[2765]]]] [sss_child_krb5_trace_cb] (0x4000): [2765] 1501135281.841223: Sending initial UDP request to dgram 10.3.200.10:88
(Thu Jul 27 06:01:22 2017) [[sssd[krb5_child[2765]]]] [sss_child_krb5_trace_cb] (0x4000): [2765] 1501135282.842291: Resolving hostname inf-p-sy2-ad-01.ad.com.
(Thu Jul 27 06:01:22 2017) [[sssd[krb5_child[2765]]]] [sss_child_krb5_trace_cb] (0x4000): [2765] 1501135282.843245: Sending initial UDP request to dgram 192.168.1.10:88
(Thu Jul 27 06:01:23 2017) [[sssd[krb5_child[2765]]]] [sss_child_krb5_trace_cb] (0x4000): [2765] 1501135283.844311: Resolving hostname inf-p-sy2-ad-02.ad.com.
(Thu Jul 27 06:01:23 2017) [[sssd[krb5_child[2765]]]] [sss_child_krb5_trace_cb] (0x4000): [2765] 1501135283.845251: Sending initial UDP request to dgram 192.168.1.11:88
(Thu Jul 27 06:01:24 2017) [[sssd[krb5_child[2765]]]] [sss_child_krb5_trace_cb] (0x4000): [2765] 1501135284.846318: Resolving hostname RO1-INF-ADS-001.ad.com.
(Thu Jul 27 06:01:24 2017) [[sssd[krb5_child[2765]]]] [sss_child_krb5_trace_cb] (0x4000): [2765] 1501135284.847243: Sending initial UDP request to dgram 10.248.40.10:88
(Thu Jul 27 06:01:25 2017) [[sssd[krb5_child[2765]]]] [sss_child_krb5_trace_cb] (0x4000): [2765] 1501135285.848311: Resolving hostname ns1-inf-ads-002.ad.com.
(Thu Jul 27 06:01:25 2017) [[sssd[krb5_child[2765]]]] [sss_child_krb5_trace_cb] (0x4000): [2765] 1501135285.849256: Sending initial UDP request to dgram 10.3.200.11:88

(This is the last message from PID 2765, so it was probably killed)

If the servers are reachable you can just increase the krb5_child timeout
in sssd.conf..
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org