Why is authentication of users from second Active Directory forest not working with SSSD in Red Hat Enterprise Linux 6?
Issue
- In an environment with two AD forests that have a one-way trust configured between them, authentication does not work for users from the second AD forest. Authentication works correctly for users from one forest only.
- Encountered the following ldap_sasl_bind/GSSAPI error while a user from the second AD forest was logging in (secondexample.com via one-way trust):
(Thu Oct 15 12:18:22 2015) [sssd[be[firstexample.com]]] [be_req_set_domain] (0x0400): Changing request domain from [firstexample.com] to [secondexample.com]
(Thu Oct 15 12:18:22 2015) [sssd[be[firstexample.com]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: RHEL6B$
(Thu Oct 15 12:18:42 2015) [sssd[be[firstexample.com]]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error]
(Thu Oct 15 12:18:42 2015) [sssd[be[firstexample.com]]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)]
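A triage aid for SSSD domain logs like the ones above, added here as an example and not part of the original article or of SSSD itself: it pairs each failed SASL bind with the request domain the backend had switched to and the time the bind took, so failures against the trusted forest stand out. The function name and record fields are assumptions, and the sample input is the four lines quoted above.

```python
import re
from datetime import datetime

# Constructed sample: the four debug lines quoted in this article.
SAMPLE_LOG = """\
(Thu Oct 15 12:18:22 2015) [sssd[be[firstexample.com]]] [be_req_set_domain] (0x0400): Changing request domain from [firstexample.com] to [secondexample.com]
(Thu Oct 15 12:18:22 2015) [sssd[be[firstexample.com]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: RHEL6B$
(Thu Oct 15 12:18:42 2015) [sssd[be[firstexample.com]]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error]
(Thu Oct 15 12:18:42 2015) [sssd[be[firstexample.com]]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)]
"""

LINE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<backend>[^\]]+)\]\]\] "
    r"\[(?P<func>[^\]]+)\] \((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$")
DOMAIN = re.compile(r"Changing request domain from \[([^\]]+)\] to \[([^\]]+)\]")
BIND = re.compile(r"Executing sasl bind mech: (\S+), user: (\S+)")
FAIL = re.compile(r"ldap_sasl_bind failed \((-?\d+)\)\[([^\]]*)\]")
EXT = re.compile(r"Extended failure message: \[(.*)\]$")


def find_sasl_bind_failures(text):
    """Return one record per failed SASL bind, tagged with the request domain."""
    domain = {}    # backend -> domain the backend last switched its request to
    pending = {}   # backend -> bind attempt still waiting for a result
    failures = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an SSSD backend debug line
        backend, func, msg = m["backend"], m["func"], m["msg"]
        when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        if func == "be_req_set_domain" and (d := DOMAIN.search(msg)):
            domain[backend] = d.group(2)
        elif func == "sasl_bind_send" and (b := BIND.search(msg)):
            pending[backend] = {"backend": backend, "started": when,
                                "request_domain": domain.get(backend, backend),
                                "mech": b.group(1), "principal": b.group(2)}
        elif func == "sasl_bind_send" and (f := FAIL.search(msg)):
            rec = pending.pop(backend, {"backend": backend, "started": when,
                                        "request_domain": domain.get(backend, backend)})
            rec.update(code=int(f.group(1)), error=f.group(2),
                       seconds=(when - rec.pop("started")).total_seconds())
            failures.append(rec)
        elif (e := EXT.search(msg)) and failures and failures[-1]["backend"] == backend:
            failures[-1]["detail"] = e.group(1)  # GSSAPI minor-code text
    return failures
```

Run against a full `sssd_<domain>.log`, a record whose `request_domain` differs from `backend` marks a bind attempted on behalf of the trusted forest.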
Environment
- Red Hat Enterprise Linux 6.7