I have an IPA setup with replica which has trust configured with an Active Directory domain. The trust has been configured and it does show correctly when listed, but users cannot authenticate against Active Directory. The only error I see (on IPA server sssd logs) after I enabled debugging is:
[sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server ldap/dccontroller.example.local@IPADEV.EXAMPLE.LOCAL not found in Kerberos database)] This error is logged for all 8 domain controllers behind Active Directory domain. Any hint where to look for or check would be really appreciated . _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
