On Fri, Apr 11, 2014 at 01:22:54PM +0100, Rowland Penny wrote:
On 11/04/14 13:16, Jakub Hrozek wrote:
On Fri, Apr 11, 2014 at 12:59:00PM +0100, Rowland Penny wrote:
OK, I take it all back, I am stupid ;-)
Once I scanned the new logfile, it dawned on me what I had forgotten to do, so I did it and now everything seems to be working ok.
Oh, you want to know what I forgot to do?
I forgot to export the keytab ;-)
Rowland
So the keytab was missing completely on the client? We should be more verbose about that -- was there not a syslog (journal) message or a level-0 DEBUG message? Since sssd failed to start, I think we should display why prominently. _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Hi, you have seen the relevant logs, and I couldn't see anything in them about the keytab until I raised the debug_level as you suggested, it was then obvious to me what I stupidly hadn't done. ;-)
Sorry, I should have tried to reproduce the bug myself first. To my suprise, krb5_kt_resolve() returns success even if the keytab is missing, so the DEBUG message that's already in the code was never printed.
I'll send a patch to sssd-devel to fix this, thanks for reporting the bug.
Note: I am not blaming sssd for the lack of a keytab, I should have exported it, so it is all my fault.
Well, sssd should report the error in a meaningful way, not just roll over and die.