I would appreciate some pointers.

I have a sandbox setup running on VMs. There is an AD controller using the VM image which Microsoft has available for testing.

I have created a domain called ad.test

On my client machine I am continually getting this error:

[sssd[be[adtest.private]]] [ad_sasl_log] (0x0040): SASL: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)

On the client klist-k | uniq returns

KVNO Principal
---- --------------------------------------------------------------------------
   3 CLIENT1$@ADTEST.PRIVATE
   3 host/CLIENT1@ADTEST.PRIVATE
   3 host/client1@ADTEST.PRIVATE
   3 RestrictedKrbHost/CLIENT1@ADTEST.PRIVATE
   3 RestrictedKrbHost/client1@ADTEST.PRIVATE

The funny thing is ONLY kinit -k CLIENT1$\@ADTEST.PRIVATE will work.

I do get a tgt:

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: CLIENT1$@ADTEST.PRIVATE

Just in the sandbox I am also setting:

ldap_auth_disable_tls_never_use_in_production = true

Any pointers please? I have cranked debug up to 8 and this error message seems to be the crucial one.

By the way, why does the debug level not go up to 11?