On Mon, Oct 19, 2015 at 08:18:39PM +0000, Thackeray, Neil L wrote:
I'm encountering a strange problem on some of my Ubuntu 14.0.4
LTS servers. I have yet to encounter the same problem on any of the CentOS or RHEL6/7
After a few days of working fine, all of the sudden users can't log in. I can fix the
problem easily by using 'realm leave' and 'realm join', but this isn't
optimal since users can go a day or two before it gets fixed. I thought at first it was
clock drift causing a problem with the Kerberos ticket, but this last time I made sure to
check the date before I rejoined the realm.
Oct 19 10:16:30 myserver [sssd[ldap_child]]: Preauthentication failed
Oct 19 10:16:31 myserver [sssd[ldap_child]]: Failed to initialize credentials
using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create
GSSAPI-encrypted LDAP connection.
Preauthentication failed normally means wrong password, in this case
wrong keytab. I guess you would see the same error if you run kinit -k
"SHORTNAME$" (you can see the shortname in ldap_child.log as well..)
Are you sure your domain policies don't expire machine passwords after