On Mon, Apr 26, 2021 at 07:25:59AM -0000, iulian roman via FreeIPA-users wrote:
> I have an IPA setup with replica which has trust configured with an
> Active Directory domain. The trust has been configured and it does show correctly when
> listed, but users cannot authenticate against Active Directory. The only error I see (on
> IPA server sssd logs) after I enabled debugging is:
> [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI
> Error: Unspecified GSS failure. Minor code may provide more information (Server
> ldap/dccontroller.example.local@IPADEV.EXAMPLE.LOCAL not found in Kerberos database)]
> This error is logged for all 8 domain controllers behind Active Directory domain.
> Any hint where to look for or check would be really appreciated.

Hi,
it looks like the KDC of the IPA realm IPADEV.EXAMPLE.LOCAL is asked for
a ticket of an AD DC dccontroller.example.local. Can you check
/etc/krb5.conf (and all files in the include directories) if in the
[domain_realm] section the domain example.local is mapped to the realm
IPADEV.EXAMPLE.LOCAL?
bye,
Sumit
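
One way to run the check suggested in the reply above, as an added example (not part of the original thread and not FreeIPA or SSSD code): a simplified Python model of how `[domain_realm]` entries in a krb5.conf and the files it includes resolve a host name to a realm, reporting which file supplies the match. The function names, the first-definition-wins rule and the sample files are assumptions made for this illustration.

```python
import os, re, tempfile

def _included(directive, target):
    # "include FILE" names one file; "includedir DIR" takes *.conf and plain-named files.
    if directive == "include":
        return [target] if os.path.isfile(target) else []
    names = sorted(os.listdir(target)) if os.path.isdir(target) else []
    return [os.path.join(target, n) for n in names
            if re.fullmatch(r"[A-Za-z0-9_-]+|[^.].*\.conf", n)]

def load_domain_realm(path, table=None):
    """Return {key: (realm, file)}; assumption: the first definition of a key wins."""
    table = {} if table is None else table
    section = None
    with open(path) as fh:
        for line in map(str.strip, fh):
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0] in ("include", "includedir"):
                for inc in _included(parts[0], parts[1]):
                    load_domain_realm(inc, table)
            elif line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip()
            elif section == "domain_realm" and "=" in line and line[0] not in "#;":
                key, realm = (s.strip() for s in line.split("=", 1))
                table.setdefault(key.lower(), (realm, path))
    return table

def realm_for_host(host, table):
    """Try the host name, then ever shorter suffixes, with and without a leading dot."""
    p = host.lower()
    while p:
        if p in table:
            return (p,) + table[p]
        p = p[1:] if p[0] == "." else (p[p.find("."):] if "." in p else "")
    return None

def demo():
    # Constructed sample: an included snippet maps the AD domain to the IPA realm.
    d = tempfile.mkdtemp()
    files = {"inc/stray.conf": "[domain_realm]\n .example.local = IPADEV.EXAMPLE.LOCAL\n",
             "krb5.conf": f"includedir {d}/inc\n[domain_realm]\n"
                          " .ipadev.example.local = IPADEV.EXAMPLE.LOCAL\n"}
    os.mkdir(os.path.join(d, "inc"))
    for name, text in files.items():
        with open(os.path.join(d, name), "w") as f:
            f.write(text)
    main = os.path.join(d, "krb5.conf")
    return realm_for_host("dccontroller.example.local", load_domain_realm(main))

if __name__ == "__main__":
    print(demo())  # matching key, realm, and the file that defines the mapping
```

Point `load_domain_realm` at the real `/etc/krb5.conf` on the IPA server and look up one of the AD DC host names; a result naming the IPA realm identifies the file that holds the mapping.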