to domain part of my sssd.confldap_sasl_mech=GSSAPI
Hello,Today morning I had a bad surprise. Suddenly I cannot login anymore to my PC.My OS is Arch based, with SSSD 2.4.2, updated yesterday (it was working after update, last login occurred around 7pm 05.05.2021, today 7am 06.05.2021 cannot login anymore)Maybe you have any idea what's wrong.What I see in sssd logs:I tried to rejoin domain with2021-05-06 9:49:26): [be[domain.name]] [sasl_bind_send] (0x0100): Executing sasl bind mech: GSS-SPNEGO, user: PCNAME$
(2021-05-06 9:49:26): [be[domain.name]] [ad_sasl_log] (0x0040): SASL: No worthy mechs found
(2021-05-06 9:49:26): [be[domain.name]] [sasl_bind_send] (0x0020): ldap_sasl_interactive_bind_s failed (-6)[Unknown authentication method]
(2021-05-06 9:49:26): [be[domain.name]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-4): no mechanism available: No worthy mechs found]
(2021-05-06 9:49:26): [be[domain.name]] [sdap_cli_connect_recv] (0x0040): Unable to establish connection [1432158227]: Authentication Failed
(2021-05-06 9:49:26): [be[domain.name]] [fo_set_port_status] (0x0100): Marking port 389 of server 'dc1.domain.name' as 'not working'krb5.confthen with commands:allow_weak_crypto = true
permitted_enctypes = aes rc4Keytab looks like that:KRB5_TRACE=/dev/stdout kinit -V aduser@AD.EXAMPLE.COM.kinit Administrator
net ads join -kklist -keBoth kinit and ldapsearch are working properly.10 06.05.2021 09:49:09 restrictedkrbhost/pcname.domain.name@DOMAIN.NAME (aes256-cts-hmac-sha1-96)
10 06.05.2021 09:49:09 restrictedkrbhost/PCNAME@DOMAIN.NAME (aes256-cts-hmac-sha1-96)
10 06.05.2021 09:49:09 restrictedkrbhost/pcname.domain.name@DOMAIN.NAME (aes128-cts-hmac-sha1-96)
10 06.05.2021 09:49:09 restrictedkrbhost/PCNAME@DOMAIN.NAME (aes128-cts-hmac-sha1-96)
10 06.05.2021 09:49:09 restrictedkrbhost/pcname.domain.name@DOMAIN.NAME (DEPRECATED:arcfour-hmac)
10 06.05.2021 09:49:09 restrictedkrbhost/PCNAME@DOMAIN.NAME (DEPRECATED:arcfour-hmac)
10 06.05.2021 09:49:10 host/pcname.domain.name@DOMAIN.NAME (aes256-cts-hmac-sha1-96)
10 06.05.2021 09:49:10 host/PCNAME@DOMAIN.NAME (aes256-cts-hmac-sha1-96)
10 06.05.2021 09:49:10 host/pcname.domain.name@DOMAIN.NAME (aes128-cts-hmac-sha1-96)
10 06.05.2021 09:49:10 host/PCNAME@DOMAIN.NAME (aes128-cts-hmac-sha1-96)
10 06.05.2021 09:49:10 host/pcname.domain.name@DOMAIN.NAME (DEPRECATED:arcfour-hmac)
10 06.05.2021 09:49:10 host/PCNAME@DOMAIN.NAME (DEPRECATED:arcfour-hmac)
10 06.05.2021 09:49:10 PCNAME$@DOMAIN.NAME (aes256-cts-hmac-sha1-96)
10 06.05.2021 09:49:10 PCNAME$@DOMAIN.NAME (aes128-cts-hmac-sha1-96)
10 06.05.2021 09:49:10 PCNAME$@DOMAIN.NAME (DEPRECATED:arcfour-hmac)Thanks for help!-----Pawel