IPA: smb service failing to start due to GSSAPI error when connecting to ldap.
Issue
- IPA: smb service failing to start due to GSSAPI error when connecting to ldap.
- Smb service is failing with below error.
# ipactl start
Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting named Service
Starting ipa_memcached Service
Starting httpd Service
Starting pki-tomcatd Service
Starting smb Service
Job for smb.service failed because the control process exited with error code. See "systemctl status smb.service" and "journalctl -xe" for details.
Failed to start smb Service
Shutting down
Aborting ipactl
- Error in Samba log file
/var/log/samba/log.smbd
.
[2016/10/20 16:31:15, 0] ../source3/smbd/server.c:1241(main)
smbd version 4.2.10 started.
Copyright Andrew Tridgell and the Samba Team 1992-2014
[2016/10/20 16:31:15.981995, 0] ipa_sam.c:4364(bind_callback)
bind_callback: cannot perform interactive SASL bind with GSSAPI. LDAP security error is 49
[2016/10/20 16:31:15.982167, 0] ../source3/lib/smbldap.c:998(smbldap_connect_system)
failed to bind to server ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket with dn="[Anonymous bind]" Error: Invalid credentials
SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
[2016/10/20 16:31:15.982334, 1] ../source3/lib/smbldap.c:1206(get_cached_ldap_connect)
Connection to LDAP server failed for the 1 try!
[2016/10/20 16:31:16.992114, 0] ipa_sam.c:4364(bind_callback)
bind_callback: cannot perform interactive SASL bind with GSSAPI. LDAP security error is 49
[2016/10/20 16:31:16.992332, 1] ../source3/lib/smbldap.c:1206(get_cached_ldap_connect)
Connection to LDAP server failed for the 2 try!
.
.
.
[2016/10/20 16:31:31.105813, 0] ipa_sam.c:4364(bind_callback)
bind_callback: cannot perform interactive SASL bind with GSSAPI. LDAP security error is 49
[2016/10/20 16:31:31.106040, 1] ../source3/lib/smbldap.c:1206(get_cached_ldap_connect)
Connection to LDAP server failed for the 16 try!
[2016/10/20 16:31:32.106312, 1] ipa_sam.c:3726(ipasam_get_base_dn)
Failed to get base DN from RootDSE: Timed out
[2016/10/20 16:31:32.106455, 0] ipa_sam.c:4520(pdb_init_ipasam)
Failed to get base DN.
[2016/10/20 16:31:32.106571, 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket did not correctly init (error was NT_STATUS_UNSUCCESSFUL)
Environment
- Red Hat Enterprise Linux 7
- IPA 4.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.