I have an IPA setup with replica which has trust configured with an Active Directory
domain. The trust has been configured and it does show correctly when listed, but users
cannot authenticate against Active Directory. The only error I see (on IPA server sssd
logs) after I enabled debugging is:
[sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI
Error: Unspecified GSS failure. Minor code may provide more information (Server
ldap/dccontroller.example.local(a)IPADEV.EXAMPLE.LOCAL not found in Kerberos database)]
This error is logged for all 8 domain controllers behind Active Directory domain.
Any hint where to look for or check would be really appreciated .