On Tue, Oct 31, 2017 at 10:57:23AM -0600, Jeff Sadowski wrote:
> (Tue Oct 31 10:16:44 2017) [sssd[be[mind.unm.edu]]] [ad_sasl_log]
> (0x0040): SASL: GSSAPI Error: Unspecified GSS failure. Minor code may
> provide more information (Server not found in Kerberos database)
> (Tue Oct 31 10:16:44 2017) [sssd[be[mind.unm.edu]]] [sasl_bind_send]
> (0x0020): ldap_sasl_bind failed (-2)[Local error]
> (Tue Oct 31 10:16:44 2017) [sssd[be[mind.unm.edu]]] [sasl_bind_send]
> (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI
> Error: Unspecified GSS failure. Minor code may provide more
> information (Server not found in Kerberos database)]

I would recommend testing with the help of ldapsearch -Y GSSAPI:
    - kinit -k 'shortname$@realm'
    - KRB5_TRACE=/dev/stderr ldapsearch -Y GSSAPI -H ldap://your.dc.server -b ""
because it might be easier to take sssd out of the picture.

I would also recommend checking whether the client's hostname matches how the
client is registered to AD and that all names resolve back and forth.

Finally, I would check the domain_realm mappings in krb5.conf to make sure
libkrb5 can infer the correct realm from the domain part of the host name.
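
The domain_realm check suggested above, as an added example that is not part of the original message: a simplified model of how libkrb5 maps a host name to a realm through [domain_realm] (the host name first, then each parent domain with and without a leading dot). The krb5.conf fragment and all host and realm names are constructed, and fallbacks outside [domain_realm] are not modelled.

```python
import re

# Constructed krb5.conf fragment (hypothetical names, not from the thread).
SAMPLE_KRB5_CONF = """
[libdefaults]
    default_realm = AD.EXAMPLE.COM

[domain_realm]
    .ad.example.com = AD.EXAMPLE.COM
    ad.example.com = AD.EXAMPLE.COM
    legacy.example.com = OLD.EXAMPLE.COM
"""

def parse_domain_realm(conf_text):
    """Return the [domain_realm] relations as a dict, keys lowercased."""
    mappings, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "domain_realm" and "=" in line:
            key, realm = (part.strip() for part in line.split("=", 1))
            mappings[key.lower()] = realm
    return mappings

def realm_for_host(hostname, mappings):
    """Try the host name, then each parent domain with and without a leading dot.

    Returns None when nothing matches; the library then falls back to other
    means (KDC referral or the upper-cased domain), which are not modelled here.
    """
    candidate = hostname.lower().rstrip(".")
    while candidate:
        if candidate in mappings:
            return mappings[candidate]
        if candidate.startswith("."):
            candidate = candidate[1:]          # ".b.c" -> "b.c"
        else:
            dot = candidate.find(".")
            candidate = candidate[dot:] if dot != -1 else ""  # "a.b.c" -> ".b.c"
    return None
```

A None result for the DC's host name means no [domain_realm] relation covers it, which is the case the advice above asks you to look for.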