Why is authentication of users from a second Active Directory forest not working with SSSD in Red Hat Enterprise Linux 6?


Issue

  • In an environment with two AD forests that have a one-way trust configured between them, user authentication does not work for users from the second AD forest. Authentication works correctly for users from one forest only.
  • The following ldap_sasl_bind / GSSAPI error was logged while a user from the second AD forest (secondexample.com, reached via the one-way trust) was logging in:
(Thu Oct 15 12:18:22 2015) [sssd[be[firstexample.com]]] [be_req_set_domain] (0x0400): Changing request domain from [firstexample.com] to [secondexample.com]

(Thu Oct 15 12:18:22 2015) [sssd[be[firstexample.com]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: RHEL6B$
(Thu Oct 15 12:18:42 2015) [sssd[be[firstexample.com]]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error]
(Thu Oct 15 12:18:42 2015) [sssd[be[firstexample.com]]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)]
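
A triage aid for the log excerpt above, added here as an example and not part of the Red Hat article: it parses SSSD backend debug lines in the format shown and ties each failed SASL bind to the request domain it was serving, the principal used, and the time it took to fail. The function and field names are assumptions of this example, and the timestamp format is assumed to match the excerpt.

```python
import re
from datetime import datetime

# Sample input: the four backend log lines quoted in this article.
SAMPLE_LOG = """\
(Thu Oct 15 12:18:22 2015) [sssd[be[firstexample.com]]] [be_req_set_domain] (0x0400): Changing request domain from [firstexample.com] to [secondexample.com]
(Thu Oct 15 12:18:22 2015) [sssd[be[firstexample.com]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: RHEL6B$
(Thu Oct 15 12:18:42 2015) [sssd[be[firstexample.com]]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error]
(Thu Oct 15 12:18:42 2015) [sssd[be[firstexample.com]]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)]
"""

# (timestamp) [sssd[be[<backend domain>]]] [<function>] (<debug level>): <message>
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<backend>[^\]]+)\]\]\] "
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$")
DOMAIN_RE = re.compile(r"Changing request domain from \[([^\]]+)\] to \[([^\]]+)\]")
BIND_RE = re.compile(r"Executing sasl bind mech: (\S+), user: (\S+)")

def find_failed_binds(text):
    """Return one record per failed SASL bind, with the request domain in effect."""
    domain = {}    # backend -> request domain most recently switched to
    pending = {}   # backend -> bind that has been sent but not yet resolved
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or non-backend line
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        be, msg = m["backend"], m["msg"]
        if (d := DOMAIN_RE.search(msg)):
            domain[be] = d.group(2)
        elif (b := BIND_RE.search(msg)):
            pending[be] = {"backend": be, "request_domain": domain.get(be, be),
                           "mech": b.group(1), "principal": b.group(2), "start": ts}
        elif "ldap_sasl_bind failed" in msg and be in pending:
            rec = pending.pop(be)
            rec["seconds_to_fail"] = (ts - rec.pop("start")).total_seconds()
            rec["reason"] = None
            findings.append(rec)
        elif (msg.startswith("Extended failure message:") and findings
              and findings[-1]["backend"] == be):
            findings[-1]["reason"] = msg.split(":", 1)[1].strip()
    return findings

if __name__ == "__main__":
    for rec in find_failed_binds(SAMPLE_LOG):
        print(rec)
```

On the excerpt this reports a single failure: the firstexample.com backend, serving a request for secondexample.com, binding with GSSAPI as RHEL6B$ and failing after 20 seconds.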

Environment

  • Red Hat Enterprise Linux 6.7
