Unable to authenticate as AD users with the error message : "generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)]"
Issue
Unable to authenticate as AD users with the error message : "generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)]"
sssd log :
[sdap_cli_auth_step] (0x0100): expire timeout is 900
[sdap_cli_auth_step] (0x1000): the connection will expire at 1458196012
[sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: user1
[sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error]
[sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)]
[child_sig_handler] (0x1000): Waiting for child [19075].
[child_sig_handler] (0x0100): child [19075] finished successfully.
[fo_set_port_status] (0x0100): Marking port 389 of server 'ad.example.com' as 'not working'
[ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
[fo_set_port_status] (0x0400): Marking port 389 of duplicate server 'ad.example.com' as 'not working'
[ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
[ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
[sdap_handle_release] (0x2000): Trace: sh[0x228ce20], connected[1], ops[(nil)], ldap[0x22806b0], destructor_lock[0], release_memory[0]
[remove_connection_callback] (0x4000): Successfully removed connection callback.
[be_mark_offline] (0x2000): Going offline!
[be_mark_offline] (0x2000): Enable check_if_online_ptask.
[be_ptask_enable] (0x0400): Task [Check if online (periodic)]: enabling task
[be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling task 70 seconds from now [1458195182]
[be_run_offline_cb] (0x0080): Going offline. Running callbacks.
[sdap_id_op_connect_done] (0x4000): notify offline to op #1
[ad_subdomains_get_conn_done] (0x0080): No AD server is available, cannot get the subdomain list while offline
[sdap_id_op_connect_done] (0x4000): notify offline to op #2
[sdap_dyndns_get_addrs_done] (0x0080): No LDAP server is available, dynamic DNS update is skipped in offline mode.
[sdap_dyndns_update_addrs_done] (0x0040): Can't get addresses for DNS update
[ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed [1432158234]: Dynamic DNS update not possible while offline
[ad_dyndns_nsupdate_done] (0x0040): Updating DNS entry failed [1432158234]: Dynamic DNS update not possible while offline
Environment
- Red Hat Enterprise Linux 6.5
- SSSD
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.