IPA: smb service failing to start due to GSSAPI error when connecting to ldap.
Issue
- IPA: smb service failing to start due to GSSAPI error when connecting to ldap.
- Smb service is failing with below error.
# ipactl start
Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting named Service
Starting ipa_memcached Service
Starting httpd Service
Starting pki-tomcatd Service
Starting smb Service
Job for smb.service failed because the control process exited with error code. See "systemctl status smb.service" and "journalctl -xe" for details.
Failed to start smb Service
Shutting down
Aborting ipactl
- Error in Samba log file
/var/log/samba/log.smbd.
[2016/10/20 16:31:15, 0] ../source3/smbd/server.c:1241(main)
smbd version 4.2.10 started.
Copyright Andrew Tridgell and the Samba Team 1992-2014
[2016/10/20 16:31:15.981995, 0] ipa_sam.c:4364(bind_callback)
bind_callback: cannot perform interactive SASL bind with GSSAPI. LDAP security error is 49
[2016/10/20 16:31:15.982167, 0] ../source3/lib/smbldap.c:998(smbldap_connect_system)
failed to bind to server ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket with dn="[Anonymous bind]" Error: Invalid credentials
SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
[2016/10/20 16:31:15.982334, 1] ../source3/lib/smbldap.c:1206(get_cached_ldap_connect)
Connection to LDAP server failed for the 1 try!
[2016/10/20 16:31:16.992114, 0] ipa_sam.c:4364(bind_callback)
bind_callback: cannot perform interactive SASL bind with GSSAPI. LDAP security error is 49
[2016/10/20 16:31:16.992332, 1] ../source3/lib/smbldap.c:1206(get_cached_ldap_connect)
Connection to LDAP server failed for the 2 try!
.
.
.
[2016/10/20 16:31:31.105813, 0] ipa_sam.c:4364(bind_callback)
bind_callback: cannot perform interactive SASL bind with GSSAPI. LDAP security error is 49
[2016/10/20 16:31:31.106040, 1] ../source3/lib/smbldap.c:1206(get_cached_ldap_connect)
Connection to LDAP server failed for the 16 try!
[2016/10/20 16:31:32.106312, 1] ipa_sam.c:3726(ipasam_get_base_dn)
Failed to get base DN from RootDSE: Timed out
[2016/10/20 16:31:32.106455, 0] ipa_sam.c:4520(pdb_init_ipasam)
Failed to get base DN.
[2016/10/20 16:31:32.106571, 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket did not correctly init (error was NT_STATUS_UNSUCCESSFUL)
Environment
- Red Hat Enterprise Linux 7
- IPA 4.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
