Winbind and Samba service fails to start in IPA with error "cannot perform interactive SASL bind with GSSAPI. LDAP security error is 49"

Solution Verified - Updated -

Issue

  • Winbind and samba services are failing to start with error
May 12 01:45:30 ipa-server systemd: Starting Samba SMB Daemon...
May 12 01:45:30 ipa-server smbd[22756]: [2025/05/12 01:45:30.568242,  0, pid=22756, effective(0, 0), real(0,                       0)] ipa_sam.c:4571(bind_callback)
May 12 01:45:30 ipa-server smbd[22756]:  bind_callback: cannot perform interactive SASL bind with GSSAPI.      LDAP security error is 49
May 12 01:45:30 ipa-server smbd[22756]: [2025/05/12 01:45:30.568522,  0, pid=22756, effective(0, 0), real(0,      0)] ../../source3/lib/smbldap.c:1052(smbldap_connect_system)
May 12 01:45:30 ipa-server smbd[22756]:  failed to bind to server ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket with dn="[Anonymous bind]" Error: Invalid credentials

Environment

  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
  • Red Hat Enterprise Linux 10
  • IPA

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content