kinit: Pre-authentication failed: No key table entry found for PRINCIPAL$@DOMAIN.COM while getting initial credentials
Issue
- When following the steps mentioned in the Ansible working with kerberos tickets document:
$ kinit username@WEBSITE.COM -k -t username.keytab
kinit: No key table entry found for username@WEBSITE.COM while getting initial credentials
- Upon attempting a kinit, I receive the following error:
# kinit -k /etc/krb5.keytab 'PRINCIPAL$@DOMAIN.COM'
kinit: No key table entry found for PRINCIPAL$@DOMAIN.COM while getting initial credentials
- SSSD fails to bind with a Domain due to the following error:
[ldap_child[754705]] [sss_child_krb5_trace_cb] (0x4000): [754705] 1650432861.376318: Preauth module encrypted_timestamp (2) (real) returned: -1765328203/Key table entry not found
[ldap_child[754705]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328174
[ldap_child[754705]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Pre-authentication failed: Key table entry not found. Unable to create GSSAPI-encrypted LDAP connection.
[ldap_child[754705]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COM]
[ldap_child[754705]] [main] (0x0020): ldap_child_get_tgt_sync failed.
Environment
- Red Hat Enterprise Linux
- Ansible Tower >= 3.3
- SSSD
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
