SSSD Unable to create GSSAPI-encrypted LDAP connection.
Hi All,
I am trying to configure SSSD for the first time on CentOS 7. We have one forest with multiple domains:
xx.company.com
eu.company.com
na.company.com
ap.company.com
There is already a trust relationship between the domains. I am getting the error below:
Sep 16 12:56:46 XXA-ANSTLNX14 [sssd[ldap_child[4201]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/XXa-anstlnx14.eu.COMPANY.COM@EU.COMPANY.COM' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection.
Below is the Kerberos configuration file:
cat /etc/krb5.conf
# Log destinations. "default" applies where no more specific entry exists;
# "kdc" and "admin_server" are the settings for the KDC and the kadmin
# daemon, so on a host that runs neither they are presumably unused.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
# Library-wide defaults used by every Kerberos client on this host.
[libdefaults]
# Realm assumed when a principal is given without one.
# NOTE(review): the error quoted in this post is the KDC reporting that the
# client principal taken from the keytab does not exist in EU.COMPANY.COM.
# That concerns the principal name being used, not this file's syntax;
# compare the names listed by `klist -k` with the account in the directory.
default_realm = EU.COMPANY.COM
# DNS discovery is disabled: host-to-realm mapping comes only from
# [domain_realm] and KDC addresses only from [realms], so both sections must
# be complete for every realm that needs to be reached.
dns_lookup_realm = false
dns_lookup_kdc = false
# Requested lifetimes; the KDC's own policy can grant less.
ticket_lifetime = 24h
renew_lifetime = 7d
# Initial tickets are requested as forwardable, i.e. they can be handed on to
# a remote service. Keep this only if delegation is actually required.
forwardable = true
# Do not use reverse DNS when canonicalizing host names for service
# principals, so PTR records are not trusted for that step.
rdns = false
# Credential caches are kept in the kernel keyring, one per UID.
default_ccache_name = KEYRING:persistent:%{uid}
# Static KDC list per realm. With dns_lookup_kdc = false in [libdefaults],
# these entries are the only way the client locates a KDC, so a realm that is
# missing or misspelled here cannot be contacted.
# NOTE(review): DMZ.COMPANY.COM and COMPANY.COM are defined here but are not
# among the four domains listed at the top of the post; confirm they are needed.
[realms]
XX.COMPANY.COM = {
kdc = XXa-XXdc01.XX.COMPANY.COM
kdc = XXc-XXdc01.XX.COMPANY.COM
kdc = XXs-XXdc01.XX.COMPANY.COM
admin_server = XXa-XXdc01.XX.COMPANY.COM
default_domain = XX.COMPANY.COM
}
EU.COMPANY.COM = {
kdc = XXa-eudc01.eu.COMPANY.COM
kdc = XXc-eudc01.eu.COMPANY.COM
kdc = XXs-eudc01.eu.COMPANY.COM
admin_server = XXa-eudc01.eu.COMPANY.COM
default_domain = eu.COMPANY.COM
}
NA.COMPANY.COM = {
kdc = XXa-nadc01.na.COMPANY.COM
kdc = XXc-nadc01.na.COMPANY.COM
kdc = XXs-nadc01.na.COMPANY.COM
admin_server = XXa-nadc01.na.COMPANY.COM
default_domain = na.COMPANY.COM
}
AP.COMPANY.COM = {
kdc = XXa-apdc01.ap.COMPANY.COM
kdc = XXc-apdc01.ap.COMPANY.COM
kdc = XXs-apdc01.ap.COMPANY.COM
admin_server = XXa-apdc01.ap.COMPANY.COM
default_domain = ap.COMPANY.COM
}
DMZ.COMPANY.COM = {
kdc = XXa-dmzdc01.dmz.COMPANY.COM
kdc = XXc-dmzdc01.dmz.COMPANY.COM
kdc = XXs-dmzdc01.dmz.COMPANY.COM
admin_server = XXa-dmzdc01.dmz.COMPANY.COM
default_domain = dmz.COMPANY.COM
}
COMPANY.COM = {
kdc = XXa-autdc01.COMPANY.COM
kdc = XXc-autdc01.COMPANY.COM
kdc = XXs-autdc01.COMPANY.COM
admin_server = XXa-autdc01.COMPANY.COM
default_domain = COMPANY.COM
}
[domain_realm]
.XX.COMPANY.COM = XX.COMPANY.COM
XX.COMPANY.COM = XX.COMPANY.COM
.eu.COMPANY.COM = EU.COMPANY.COM
eu.COMPANY.COM = EU.COMPANY.COM
.na.COMPANY.COM = NA.COMPANY.COM
na.COMPANY.COM = NA.COMPANY.COM
.ap.COMPANY.COM = AP.COMPANY.COM
ap.COMPANY.COM = AP.COMPANY.COM
.dmz.COMPANY.COM = DMZ.COMPANY.COM
dmz.COMPANY.COM = DMZ.COMPANY.COM
.COMPANY.COM = COMPANY.COM