SAMBA: What is KDC policy rejects request

Solution In Progress - Updated -

Issue

  • What will happen if you are not allowed to authenticate in AD, i.e. when selective authentication is enabled
  • kvno outputs KDC policy rejects request while getting credentials for cifs/host.example.com@EXAMPLE.COM
  • Winbind Error message: gse_get_client_auth_token: gss_init_sec_context failed with [Unspecified GSS failure. Minor code may provide more information: KDC policy rejects request]
  • STATUS_AUTHENTICATION_FIREWALL_FAILED (0xC0000413) shown in tcpdump

Environment

  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 7
  • Active Directory that supports selective authentication

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In