2:14 p.m.
Hello,
We upgraded our LDAP/Kerberos servers to CentOS7. As a test we pointed a VM
(that is configured to authenticate with ldap/kerberos) to new
ldap/kerberos servers. However, we get system error 4 in /var/log/secur.
Under the troubleshooting section of the site, we're asked to join this
mailing list to figure out what is going on.
Also, we tried to point back to the existing ldap/kerberos servers on our
test VM, we still get the system error 4. The new ldap/kerberos servers are
identical to the old ones. Please, advice us on how we can proceed with
troubleshooting this issue. Thank you.
-F
10:38 p.m.
New subject: System error 4 is reported in the secur log after provisioning new ldap/kerberos servers
Hello,
Only system error 4 is not sufficient. System error 4 most of the time
indicates an issue with kerberos.
Are you able to do # kinit -C ad_user/ldap_user@domain_name
You need to enable sssd debugging and need to check.
Thank you,
*Abhijit Roy*
He/Him/His
Technical Support Engineer
Red Hat Insights - Predict Risk. Get Guidance. Improve Security.
<https://www.redhat.com/en/technologies/management/insights>
Red Hat Enterprise Linux 8. Any Cloud. Any Workload. One OS.
<https://www.redhat.com/en/enterprise-linux-8>
<https://red.ht/sig>
On Sat, May 8, 2021 at 12:51 AM Fahad Sayed <fsayed(a)afilias.info> wrote:
Hello,
We upgraded our LDAP/Kerberos servers to CentOS7. As a test we pointed a
VM (that is configured to authenticate with ldap/kerberos) to new
ldap/kerberos servers. However, we get system error 4 in /var/log/secur.
Under the troubleshooting section of the site, we're asked to join this
mailing list to figure out what is going on.
Also, we tried to point back to the existing ldap/kerberos servers on our
test VM, we still get the system error 4. The new ldap/kerberos servers are
identical to the old ones. Please, advice us on how we can proceed with
troubleshooting this issue. Thank you.
-F
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
10:47 p.m.
New subject: System error 4 is reported in the secur log after provisioning new ldap/kerberos servers
Hi,
Thank you for responding, but this issue is resolved. The problem was
/etc/krb5.conf did not have proper (644) permissions. I should have tested
by acquiring Kerberos TGT by running kinit. Unless ldapsearch and kinit
work properly, SSSD will fail. Once, I fixed the permission on
/etc/krb5.conf and was able to acquire TGT, SSSD worked fine after that.
Thank Abhijit.
Regards,
Fahad
On Fri, May 7, 2021 at 11:39 PM Abhijit Roy <abroy(a)redhat.com> wrote:
Hello,
Only system error 4 is not sufficient. System error 4 most of the time
indicates an issue with kerberos.
Are you able to do # kinit -C ad_user/ldap_user@domain_name
You need to enable sssd debugging and need to check.
Thank you,
*Abhijit Roy*
He/Him/His
Technical Support Engineer
Red Hat Insights - Predict Risk. Get Guidance. Improve Security.
<https://www.redhat.com/en/technologies/management/insights>
Red Hat Enterprise Linux 8. Any Cloud. Any Workload. One OS.
<https://www.redhat.com/en/enterprise-linux-8>
<https://red.ht/sig>
On Sat, May 8, 2021 at 12:51 AM Fahad Sayed <fsayed(a)afilias.info> wrote:
> Hello,
> We upgraded our LDAP/Kerberos servers to CentOS7. As a test we pointed a
> VM (that is configured to authenticate with ldap/kerberos) to new
> ldap/kerberos servers. However, we get system error 4 in /var/log/secur.
> Under the troubleshooting section of the site, we're asked to join this
> mailing list to figure out what is going on.
>
> Also, we tried to point back to the existing ldap/kerberos servers on our
> test VM, we still get the system error 4. The new ldap/kerberos servers are
> identical to the old ones. Please, advice us on how we can proceed with
> troubleshooting this issue. Thank you.
>
> -F
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
1083
days inactive
1084
days old
sssd-users@lists.fedorahosted.org
2 comments
2 participants
participants (2)
-
Abhijit Roy -
Fahad Sayed