Users in AD are not able to authenticate using SSSD with the Error : "Error writing to credentials cache"

Solution Verified - Updated -

Issue

Users in AD are not able to authenticate using SSSD with the Error : "Error writing to credentials cache"

krb5_child.log has the following logs :


[unpack_buffer] (0x0100): cmd [241] uid [5003] gid [5005] validate [true] enterprise principal [true] offline [false] UPN [user@EXAMPLE.COM]
[unpack_buffer] (0x0100): ccname: [KEYRING:persistent:5003] old_ccname: [not set] keytab: [/etc/krb5.keytab]
[check_use_fast] (0x0100): Not using FAST.
[privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket
[become_user] (0x0200): Trying to become user [5003][5005].
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
[set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
[sss_send_pac] (0x0040): sss_pac_make_request failed [-1][111].
[validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user\@EXAMPLE.COM@EXAMPLE.COM] might not be correct.
[get_and_save_tgt] (0x0020): 1029: [-1765328187][Error writing to credentials cache]
[map_krb5_error] (0x0020): 1069: [-1765328187][Error writing to credentials cache]
[k5c_send_data] (0x0200): Received error code 1432158209

Environment

  • Red Hat Enterprise Linux 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content