Login with trusted AD user on IPA client fails with an errror "4 (System error)" in /var/log/secure

Solution Verified - Updated -


  • Trusted AD user fails to login on IPA client fails with an errror "4 (System error)" in /var/log/secure
Oct 19 08:21:01 ipaclient sshd[1361]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=aduser@addomain.com
Oct 19 08:21:01 ipaclientipaclient sshd[1361]: pam_sss(sshd:auth): received for user aduser@addomain.com: 4 (System error)
  • /var/log/sssd/krb5_child.log file is showing errors:
(Fri Oct 19 08:21:00 678918) [[sssd[krb5_child[5174]]]] [try_open_krb5_conf] (0x006789): User with uid:12345 gid:6789 cannot read /etc/krb5.conf. It might cause problems
(Fri Oct 19 08:21:01 678918) [[sssd[krb5_child[5174]]]] [create_ccache] (0x006789): 961: [13][Permission denied]


  • Red Hat Enterprise Linux 7
  • IPA Client
  • IPA - AD Trust Environment
  • SSSD

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In