I would appreciate some pointers.

I have a sandbox setup running on VMs. There is an AD controller using the VM image which Microsoft has available for testing.

I have created a domain called ad.test.

On my client machine I am continually getting this error:

[sssd[be[adtest.private]]] [ad_sasl_log] (0x0040): SASL: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)

On the client, klist -k | uniq returns:

KVNO Principal
---- --------------------------------------------------------------------------
   3 CLIENT1$@ADTEST.PRIVATE
   3 host/CLIENT1@ADTEST.PRIVATE
   3 host/client1@ADTEST.PRIVATE
   3 RestrictedKrbHost/CLIENT1@ADTEST.PRIVATE
   3 RestrictedKrbHost/client1@ADTEST.PRIVATE

The funny thing is that ONLY kinit -k CLIENT1$\@ADTEST.PRIVATE will work.

I do get a TGT:

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: CLIENT1$@ADTEST.PRIVATE

Just in the sandbox I am also setting:

ldap_auth_disable_tls_never_use_in_production = true

Any pointers please? I have cranked debug up to 8 and this error message seems to be the crucial one.

By the way, why does the debug level not go up to 11?