On 03/30/2015 01:55 AM, Jakub Hrozek wrote:
On Fri, Mar 27, 2015 at 10:09:43PM +0100, Lukas Slebodnik wrote:
On (27/03/15 14:01), Orion Poplawski wrote:
(Fri Mar 27 13:51:43 2015) [sssd[be[nwra.com]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>) [Success]
I know that you fixed your problem, but pam error code 4 (System error) should not happend in sssd It means some serious problem.
It can be related to the pevious debug message "krb5_auth_recv request failed."
Could you provide domain log file and krb5_child.log with enabled verbose logging? (put debug_level = 0xfff0 into domain section.
Yes, in addition, it would be nice to see the output of KRB5_TRACE=/dev/stderr kinit -E -C orion@ad.nwra.com
Also, the UPN attribute of your user is really "Orion Poplawski@AD.NWRA.COM" ?
A mistake in an AD update set it to that. Obviously it should be orion@AD.NWRA.COM, and is fixed now. Do you still want the kinit trace for this configuration error?