SSSD Service cannot read keytab file.


Hello,

SSSD is failing to read the keytab file, and whenever I try to log in remotely I keep getting "unable to verify principal name" in the log file. I am able to verify the principal name from the keytab file using the kinit command.

OS : RHEL 6.5
SSSD Version : sssd-1.9.2-129.el6_5.4.x86_64

Here is the output of kinit:

[root@TESTSERVER1 db]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host/TESTSERVER1.test.domain.com@TEST.DOMAIN.COM

Valid starting Expires Service principal
08/28/14 16:08:34 08/29/14 02:08:34 krbtgt/TEST.DOMAIN.COM@TEST.DOMAIN.COM
renew until 09/04/14 16:08:34
[root@TESTSERVER1 sssd]# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal


3 host/TESTSERVER1.test.domain.com@TEST.DOMAIN.COM
3 host/TESTSERVER1.test.domain.com@TEST.DOMAIN.COM
3 host/TESTSERVER1.test.domain.com@TEST.DOMAIN.COM
3 host/TESTSERVER1.test.domain.com@TEST.DOMAIN.COM
3 host/TESTSERVER1.test.domain.com@TEST.DOMAIN.COM
[root@TESTSERVER1 sssd]#

Log entries from /var/log/sssd/ldap_child.log

(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[740]]]] [main] (0x0400): ldap_child started.
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[740]]]] [unpack_buffer] (0x1000): total buffer size: 86
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[740]]]] [unpack_buffer] (0x1000): realm_str size: 17
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[740]]]] [unpack_buffer] (0x1000): got realm_str: TEST.DOMAIN.COM
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[740]]]] [unpack_buffer] (0x1000): princ_str size: 53
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[740]]]] [unpack_buffer] (0x1000): got princ_str: host/TESTSERVER1.test.domain.com@TEST.DOMAIN.COM
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[740]]]] [unpack_buffer] (0x1000): keytab_name size: 0
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[740]]]] [unpack_buffer] (0x1000): lifetime: 86400
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[740]]]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/TESTSERVER1.test.domain.com@TEST.DOMAIN.COM]
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[740]]]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [default]
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[740]]]] [sss_krb5_verify_keytab_ex] (0x0010): Cannot read keytab [default].
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[740]]]] [ldap_child_get_tgt_sync] (0x0040): Unable to verify principal is present in the keytab
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[740]]]] [main] (0x0020): ldap_child_get_tgt_sync failed.
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[740]]]] [prepare_response] (0x0400): Building response for result [-1765328200]
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[740]]]] [pack_buffer] (0x1000): result [14] krberr [-1765328200] msgsize [26] msg [Error writing to key table]
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[740]]]] [main] (0x0400): ldap_child completed successfully
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[741]]]] [main] (0x0400): ldap_child started.
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[741]]]] [unpack_buffer] (0x1000): total buffer size: 86
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[741]]]] [unpack_buffer] (0x1000): realm_str size: 17
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[741]]]] [unpack_buffer] (0x1000): got realm_str: TEST.DOMAIN.COM
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[741]]]] [unpack_buffer] (0x1000): princ_str size: 53
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[741]]]] [unpack_buffer] (0x1000): got princ_str: host/TESTSERVER1.test.domain.com@TEST.DOMAIN.COM
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[741]]]] [unpack_buffer] (0x1000): keytab_name size: 0
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[741]]]] [unpack_buffer] (0x1000): lifetime: 86400
(Fri Aug 29 09:08:20 2014) [[sssd[ldap_child[741]]]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/TESTSERVER1.test.domain.com@TEST.DOMAIN.COM]
(Fri Aug 29 09:08:21 2014) [[sssd[ldap_child[741]]]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [default]
(Fri Aug 29 09:08:21 2014) [[sssd[ldap_child[741]]]] [sss_krb5_verify_keytab_ex] (0x0010): Cannot read keytab [default].
(Fri Aug 29 09:08:21 2014) [[sssd[ldap_child[741]]]] [ldap_child_get_tgt_sync] (0x0040): Unable to verify principal is present in the keytab
(Fri Aug 29 09:08:21 2014) [[sssd[ldap_child[741]]]] [main] (0x0020): ldap_child_get_tgt_sync failed.
(Fri Aug 29 09:08:21 2014) [[sssd[ldap_child[741]]]] [prepare_response] (0x0400): Building response for result [-1765328200]
(Fri Aug 29 09:08:21 2014) [[sssd[ldap_child[741]]]] [pack_buffer] (0x1000): result [14] krberr [-1765328200] msgsize [26] msg [Error writing to key table]
(Fri Aug 29 09:08:21 2014) [[sssd[ldap_child[741]]]] [main] (0x0400): ldap_child completed successfully

Responses