Hi,
Thank you for responding, but this issue is resolved. The problem was /etc/krb5.conf did not have proper (644) permissions. I should have tested by acquiring Kerberos TGT by running kinit. Unless ldapsearch and kinit work properly, SSSD will fail. Once, I fixed the permission on /etc/krb5.conf and was able to acquire TGT, SSSD worked fine after that. Thank Abhijit.

Regards,
Fahad

On Fri, May 7, 2021 at 11:39 PM Abhijit Roy <abroy@redhat.com> wrote:
Hello,

Only system error 4 is not sufficient. System error 4 most of the time indicates an issue with kerberos. 

Are you able to do # kinit -C ad_user/ldap_user@domain_name 

You need to enable sssd debugging and need to check. 




On Sat, May 8, 2021 at 12:51 AM Fahad Sayed <fsayed@afilias.info> wrote:
Hello,
We upgraded our LDAP/Kerberos servers to CentOS7. As a test we pointed a VM (that is configured to authenticate with ldap/kerberos) to new ldap/kerberos servers. However, we get system error 4 in /var/log/secur. Under the troubleshooting section of the site, we're asked to join this mailing list to figure out what is going on.

Also, we tried to point back to the existing ldap/kerberos servers on our test VM, we still get the system error 4. The new ldap/kerberos servers are identical to the old ones. Please, advice us on how we can proceed with troubleshooting this issue. Thank you.

-F
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure