[Samba] sssd problems after dc1 is no longer online
mourik jan heupink - merit
heupink at merit.unu.edu
Fri Jul 25 01:59:07 MDT 2014
Hi Steve,
>
> Just a quick test (we'll have a closer look later):
> stop sssd
> rm /var/lib/sss/db/*
> start sssd
>
That made no difference.
> You sure you have the MACHINE$ (or some other domain key: perhaps an
> unprivileged user) in your sssd keytab?
I guess yes, because:
root at epo:~# klist -k /etc/krb5.sssd.keytab '
Keytab name: FILE:/etc/krb5.sssd.keytab
KVNO Principal
----
--------------------------------------------------------------------------
2 EPO$@SAMBA.COMPANY.COM
2 EPO$@SAMBA.COMPANY.COM
2 EPO$@SAMBA.COMPANY.COM
root at epo:/etc/sssd# kinit -k -t /etc/krb5.sssd.keytab
'EPO$@SAMBA.COMPANY.COM'
root at epo:/etc/sssd# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: EPO$@SAMBA.COMPANY.COM
Valid starting Expires Service principal
24/07/2014 12:27 24/07/2014 22:27
krbtgt/SAMBA.COMPANY.COM at SAMBA.COMPANY.COM
renew until 25/07/2014 12:27
root at epo:/etc/sssd#
That looks as it should..?
MJ
> Steve
>
>
More information about the samba
mailing list