Unable to authenticate as AD users with the error message: "generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)"


Issue

Unable to authenticate as AD users with the error message: "generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)"

SSSD log:

  [sdap_cli_auth_step] (0x0100): expire timeout is 900
  [sdap_cli_auth_step] (0x1000): the connection will expire at 1458196012
  [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: user1
  [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error]
  [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)]
  [child_sig_handler] (0x1000): Waiting for child [19075].
  [child_sig_handler] (0x0100): child [19075] finished successfully.
  [fo_set_port_status] (0x0100): Marking port 389 of server 'ad.example.com' as 'not working'
  [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
  [fo_set_port_status] (0x0400): Marking port 389 of duplicate server 'ad.example.com' as 'not working'
  [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
  [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
  [sdap_handle_release] (0x2000): Trace: sh[0x228ce20], connected[1], ops[(nil)], ldap[0x22806b0], destructor_lock[0], release_memory[0]
  [remove_connection_callback] (0x4000): Successfully removed connection callback.
  [be_mark_offline] (0x2000): Going offline!
  [be_mark_offline] (0x2000): Enable check_if_online_ptask.
  [be_ptask_enable] (0x0400): Task [Check if online (periodic)]: enabling task
  [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling task 70 seconds from now [1458195182]
  [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
  [sdap_id_op_connect_done] (0x4000): notify offline to op #1
  [ad_subdomains_get_conn_done] (0x0080): No AD server is available, cannot get the subdomain list while offline
  [sdap_id_op_connect_done] (0x4000): notify offline to op #2
  [sdap_dyndns_get_addrs_done] (0x0080): No LDAP server is available, dynamic DNS update is skipped in offline mode.
  [sdap_dyndns_update_addrs_done] (0x0040): Can't get addresses for DNS update
  [ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed [1432158234]: Dynamic DNS update not possible while offline
  [ad_dyndns_nsupdate_done] (0x0040): Updating DNS entry failed [1432158234]: Dynamic DNS update not possible while offline
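
A triage sketch for logs like the excerpt above (an added example, not part of the original solution): it extracts each failed SASL bind, the GSSAPI minor-code text, the server SSSD marked as not working, and whether the backend then went offline. The function name `triage` and the sample lines are constructed for illustration.

```python
import re

# Constructed sample in the shape of the excerpt above (not real log data).
SAMPLE = """\
[sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: user1
[sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error]
[sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)]
[fo_set_port_status] (0x0100): Marking port 389 of server 'ad.example.com' as 'not working'
[fo_set_port_status] (0x0400): Marking port 389 of duplicate server 'ad.example.com' as 'not working'
[be_mark_offline] (0x2000): Going offline!
"""

# search() is used rather than match() so any prefix before the tag is tolerated.
LINE = re.compile(r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]{4})\): (?P<msg>.*)")
BIND = re.compile(r"Executing sasl bind mech: (\S+), user: (\S+)")
MINOR = re.compile(r"Minor code may provide more information \((.+?)\)")
PORT = re.compile(r"Marking port (\d+) of server '([^']+)' as 'not working'")

def triage(text):
    """Return one record per failed SASL bind, with the events that followed it."""
    incidents, bind, cur = [], {}, None
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not an SSSD debug line
        func, msg = m["func"], m["msg"]
        if func == "sasl_bind_send":
            if (b := BIND.search(msg)):
                bind = {"mech": b[1], "user": b[2]}  # remember the bind attempt
            elif msg.startswith("ldap_sasl_bind failed"):
                cur = {"mech": None, "user": None, **bind,
                       "minor": None, "server": None, "port": None, "offline": False}
                incidents.append(cur)
            elif cur and (mm := MINOR.search(msg)):
                cur["minor"] = mm[1]  # e.g. the Kerberos minor-code text
        elif cur and func == "fo_set_port_status" and cur["server"] is None:
            if (p := PORT.search(msg)):  # 'duplicate server' lines are ignored
                cur["port"], cur["server"] = int(p[1]), p[2]
        elif cur and func == "be_mark_offline" and "Going offline" in msg:
            cur["offline"] = True
    return incidents

if __name__ == "__main__":
    for incident in triage(SAMPLE):
        print(incident)
```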

Environment

  • Red Hat Enterprise Linux 6.5
  • SSSD
