Although perhaps I spoke too soon. sssd starts up but throws log entries:

May 7 14:36:04 paixlab-rhel67 [sssd[ldap_child[24887]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.
May 7 14:36:04 paixlab-rhel67 [sssd[ldap_child[24887]]]: Preauthentication failed

John

On 7 May 2015 at 14:34, John Beranek <[email protected]> wrote:

> Sumit, many thanks - you hit the nail on the head! My smb.conf was missing
> the line:
>
> kerberos method = secrets and keytab
>
> so had not created the keytab. Added the line, rejoined and sssd starts as
> expected.
>
> Cheers,
>
> John
>
> On 7 May 2015 at 11:45, Sumit Bose <[email protected]> wrote:
>
>> On Thu, May 07, 2015 at 11:35:21AM +0100, John Beranek wrote:
>> > Hi all,
>> >
>> > I've just built a RHEL 6.7 Beta VM to test the new SSSD release, and have
>> > come across a strange issue.
>> >
>> > I can successfully kinit and join our AD domain with "net ads join -k" but
>> > sssd won't start. The logs contain:
>>
>> you have to make sure that net ads join really creates a keytab. Please
>> check 'kerberos method' in the smb.conf man page. By default the keys
>> are written only to samba's internal secrets.tdb.
>>
>> As an alternative you might want to consider using the realm command to
>> join the AD domain.
>>
>> HTH
>>
>> bye,
>> Sumit
>>
>> >
>> > [ad_set_ad_id_options] (0x0100): Option krb5_realm set to EXAMPLE.COM
>> > [sdap_set_sasl_options] (0x0100): Will look for [email protected] in default keytab
>> > [select_principal_from_keytab] (0x0200): trying to select the most appropriate principal from keytab
>> > [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
>> > [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
>> > [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
>> > [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
>> > [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
>> > [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
>> > [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
>> > [select_principal_from_keytab] (0x0080): No suitable principal found in keytab
>> > [select_principal_from_keytab] (0x0010): Failed to read keytab [default]: No such file or directory
>> > [ad_set_ad_id_options] (0x0040): Cannot set the SASL-related options
>> > [load_backend_module] (0x0010): Error (2) in module (ad) initialization (sssm_ad_id_init)!
>> > [be_process_init] (0x0010): fatal error initializing data providers
>> >
>> > Had a little feedback from Lukas, who suggested I ran "klist -kt". This
>> > gives:
>> >
>> > # klist -kt
>> > Keytab name: FILE:/etc/krb5.keytab
>> > klist: No such file or directory while starting keytab scan
>> >
>> > Any ideas?
>> >
>> > John
>> >
>> > --
>> > John Beranek To generalise is to be an idiot.
>> > http://redux.org.uk/ -- William Blake
>>
>> > _______________________________________________
>> > sssd-users mailing list
>> > [email protected]
>> > https://lists.fedorahosted.org/mailman/listinfo/sssd-users
>>
>> _______________________________________________
>> sssd-users mailing list
>> [email protected]
>> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
>>
>
> --
> John Beranek To generalise is to be an idiot.
> http://redux.org.uk/ -- William Blake
>

--
John Beranek To generalise is to be an idiot.
http://redux.org.uk/ -- William Blake
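
The two checks raised in the thread (does 'kerberos method' in smb.conf let the join write a keytab, and does /etc/krb5.keytab actually exist) can be scripted as below. This is an added example, not part of the thread and not SSSD or Samba code; the function names and status words are illustrative, and /etc/samba/smb.conf is an assumed default location.

```sh
#!/bin/sh
# Added example, not from the thread. Function names and status words are
# illustrative; /etc/samba/smb.conf is an assumed default location.

# Print the [global] 'kerberos method' value, or Samba's default if unset.
kerberos_method() {
    awk '
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[/ {                                # section header
            s = tolower($0); gsub(/[ \t\r]/, "", s)
            in_global = (s == "[global]"); next
        }
        in_global && index($0, "=") {
            name = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", name)                  # names ignore case and spaces
            if (name == "kerberosmethod") {
                val = tolower(substr($0, index($0, "=") + 1))
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)
                gsub(/[ \t]+/, " ", val)
            }
        }
        END { print (val == "" ? "secrets only" : val) }
    ' "$1"
}

# Print one status word and return non-zero unless a usable keytab is found.
diagnose_join() {
    conf=${1:-/etc/samba/smb.conf}
    keytab=${2:-/etc/krb5.keytab}
    if [ "$(kerberos_method "$conf")" = "secrets only" ]; then
        echo "secrets-only"      # join stores keys only in secrets.tdb
        return 1
    fi
    if [ ! -s "$keytab" ]; then
        echo "keytab-missing"    # method is set, but no keytab has been written
        return 2
    fi
    # MIT keytab files start with 0x05 followed by format version 0x01 or 0x02.
    magic=$(head -c 2 "$keytab" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        0501|0502) echo "ok"; return 0 ;;
        *) echo "keytab-invalid"; return 3 ;;
    esac
}
```

A result of "ok" only shows that a keytab file is present and well-formed; it does not test the keys against AD, so a "Preauthentication failed" error like the one in the latest message still needs separate investigation.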
