Login with trusted AD user on IPA client fails with an errror "4 (System error)" in /var/log/secure

Solution Verified - Updated -

Issue

  • Trusted AD user fails to login on IPA client fails with an errror "4 (System error)" in /var/log/secure
Oct 19 08:21:01 ipaclient sshd[1361]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=aduser@addomain.com
Oct 19 08:21:01 ipaclientipaclient sshd[1361]: pam_sss(sshd:auth): received for user aduser@addomain.com: 4 (System error)
  • /var/log/sssd/krb5_child.log file is showing errors:
(Fri Oct 19 08:21:00 678918) [[sssd[krb5_child[5174]]]] [try_open_krb5_conf] (0x006789): User with uid:12345 gid:6789 cannot read /etc/krb5.conf. It might cause problems
(Fri Oct 19 08:21:01 678918) [[sssd[krb5_child[5174]]]] [create_ccache] (0x006789): 961: [13][Permission denied]

Environment

  • Red Hat Enterprise Linux 7,8,9
  • IPA Client
  • IPA - AD Trust Environment
  • SSSD

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content