Unable to authenticate as AD users with the error message: "generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)"

Issue

AD users are unable to authenticate, and SSSD logs the error message: "generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)"

SSSD log:

  [sdap_cli_auth_step] (0x0100): expire timeout is 900
  [sdap_cli_auth_step] (0x1000): the connection will expire at 1458196012
  [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: user1
  [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error]
  [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)]
  [child_sig_handler] (0x1000): Waiting for child [19075].
  [child_sig_handler] (0x0100): child [19075] finished successfully.
  [fo_set_port_status] (0x0100): Marking port 389 of server 'ad.example.com' as 'not working'
  [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
  [fo_set_port_status] (0x0400): Marking port 389 of duplicate server 'ad.example.com' as 'not working'
  [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
  [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
  [sdap_handle_release] (0x2000): Trace: sh[0x228ce20], connected[1], ops[(nil)], ldap[0x22806b0], destructor_lock[0], release_memory[0]
  [remove_connection_callback] (0x4000): Successfully removed connection callback.
  [be_mark_offline] (0x2000): Going offline!
  [be_mark_offline] (0x2000): Enable check_if_online_ptask.
  [be_ptask_enable] (0x0400): Task [Check if online (periodic)]: enabling task
  [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling task 70 seconds from now [1458195182]
  [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
  [sdap_id_op_connect_done] (0x4000): notify offline to op #1
  [ad_subdomains_get_conn_done] (0x0080): No AD server is available, cannot get the subdomain list while offline
  [sdap_id_op_connect_done] (0x4000): notify offline to op #2
  [sdap_dyndns_get_addrs_done] (0x0080): No LDAP server is available, dynamic DNS update is skipped in offline mode.
  [sdap_dyndns_update_addrs_done] (0x0040): Can't get addresses for DNS update
  [ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed [1432158234]: Dynamic DNS update not possible while offline
  [ad_dyndns_nsupdate_done] (0x0040): Updating DNS entry failed [1432158234]: Dynamic DNS update not possible while offline

Environment

  • Red Hat Enterprise Linux 6.5
  • SSSD
