Thank you for responding, but this issue is resolved. The problem was
/etc/krb5.conf did not have proper (644) permissions. I should have tested
by acquiring Kerberos TGT by running kinit. Unless ldapsearch and kinit
work properly, SSSD will fail. Once, I fixed the permission on
/etc/krb5.conf and was able to acquire TGT, SSSD worked fine after that.
On Fri, May 7, 2021 at 11:39 PM Abhijit Roy <abroy(a)redhat.com> wrote:
Only system error 4 is not sufficient. System error 4 most of the time
indicates an issue with kerberos.
Are you able to do # kinit -C ad_user/ldap_user@domain_name
You need to enable sssd debugging and need to check.
Technical Support Engineer
Red Hat Insights - Predict Risk. Get Guidance. Improve Security.
Red Hat Enterprise Linux 8. Any Cloud. Any Workload. One OS.
On Sat, May 8, 2021 at 12:51 AM Fahad Sayed <fsayed(a)afilias.info> wrote:
> We upgraded our LDAP/Kerberos servers to CentOS7. As a test we pointed a
> VM (that is configured to authenticate with ldap/kerberos) to new
> ldap/kerberos servers. However, we get system error 4 in /var/log/secur.
> Under the troubleshooting section of the site, we're asked to join this
> mailing list to figure out what is going on.
> Also, we tried to point back to the existing ldap/kerberos servers on our
> test VM, we still get the system error 4. The new ldap/kerberos servers are
> identical to the old ones. Please, advice us on how we can proceed with
> troubleshooting this issue. Thank you.
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> Do not reply to spam on the list, report it:
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam on the list, report it: