IPA: smb service failing to start due to GSSAPI error when connecting to ldap.

Solution Verified - Updated -

Issue

  • IPA: smb service failing to start due to GSSAPI error when connecting to ldap.
  • The smb service fails to start with the following error:
# ipactl start
Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting named Service
Starting ipa_memcached Service
Starting httpd Service
Starting pki-tomcatd Service
Starting smb Service
Job for smb.service failed because the control process exited with error code. See "systemctl status smb.service" and "journalctl -xe" for details.
Failed to start smb Service
Shutting down
Aborting ipactl
  • The Samba log file /var/log/samba/log.smbd shows the following errors:
[2016/10/20 16:31:15,  0] ../source3/smbd/server.c:1241(main)
  smbd version 4.2.10 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2014
[2016/10/20 16:31:15.981995,  0] ipa_sam.c:4364(bind_callback)
  bind_callback: cannot perform interactive SASL bind with GSSAPI. LDAP security error is 49
[2016/10/20 16:31:15.982167,  0] ../source3/lib/smbldap.c:998(smbldap_connect_system)
  failed to bind to server ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket with dn="[Anonymous bind]" Error: Invalid credentials
        SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
[2016/10/20 16:31:15.982334,  1] ../source3/lib/smbldap.c:1206(get_cached_ldap_connect)
  Connection to LDAP server failed for the 1 try!
[2016/10/20 16:31:16.992114,  0] ipa_sam.c:4364(bind_callback)
  bind_callback: cannot perform interactive SASL bind with GSSAPI. LDAP security error is 49
[2016/10/20 16:31:16.992332,  1] ../source3/lib/smbldap.c:1206(get_cached_ldap_connect)
  Connection to LDAP server failed for the 2 try!
.
.
.
[2016/10/20 16:31:31.105813,  0] ipa_sam.c:4364(bind_callback)
  bind_callback: cannot perform interactive SASL bind with GSSAPI. LDAP security error is 49
[2016/10/20 16:31:31.106040,  1] ../source3/lib/smbldap.c:1206(get_cached_ldap_connect)
  Connection to LDAP server failed for the 16 try!
[2016/10/20 16:31:32.106312,  1] ipa_sam.c:3726(ipasam_get_base_dn)
  Failed to get base DN from RootDSE: Timed out
[2016/10/20 16:31:32.106455,  0] ipa_sam.c:4520(pdb_init_ipasam)
  Failed to get base DN.
[2016/10/20 16:31:32.106571,  0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
  pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket did not correctly init (error was NT_STATUS_UNSUCCESSFUL)

Environment

  • Red Hat Enterprise Linux 7
  • IPA 4.x
