Cannot authenticate due to "KDC policy rejects request"

Solution Unverified - Updated -

Issue

  • What will happen if you are not allowed to authenticate in AD, i.e. when selective authentication is enabled
  • kvno outputs KDC policy rejects request while getting credentials for cifs/host.example.com@EXAMPLE.COM
  • Winbind Error message: gse_get_client_auth_token: gss_init_sec_context failed with [Unspecified GSS failure. Minor code may provide more information: KDC policy rejects request]
  • STATUS_AUTHENTICATION_FIREWALL_FAILED (0xC0000413) shown in tcpdump
  • SSSD logs show "TGS request result: -1765328372/KDC policy rejects request"

Environment

  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 7
  • Active Directory

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content