I ran into a problem trying to set up GSSAPI authentication. Everything went smoothly on the test bench, but when we moved it to production, I hit an “Unspecified GSS failure” error.
I spent nearly two days trying to debug it without any luck. It turned out that the client was trying to authenticate through Samba while the accounts were in a Windows domain. I went through a bunch of standard fixes like checking DNS and reconfiguring services, but nothing did the trick. Then, out of nowhere, I found a helpful resource ( andersenlab.com/services/artificial-intelligence/consulting ), which had some great info on integrating these kinds of systems. The spinics.net forum (https://www.spinics.net/lists/samba/msg183234.html) was also a lifesaver; they had a similar case where someone suggested I check the SSSD logs. I noticed a weird pattern in the errors and, after some tweaks with the two-way trust setup, everything finally worked! So it's my ready-made checklist for such situations: 1) Check out the SSSD logs to get more info on the error. This will help you figure out why the authorization isn't working. 2) Make sure your DNS settings are set up right to resolve the domain controller names. 3) Think about setting up a temporary two-way trust relationship to see if that helps with authorization. -- _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
