Hi,
Thank you for responding, but this issue is resolved. The problem was
/etc/krb5.conf did not have proper (644) permissions. I should have tested
by acquiring Kerberos TGT by running kinit. Unless ldapsearch and kinit
work properly, SSSD will fail. Once, I fixed the permission on
/etc/krb5.conf and was able to acquire TGT, SSSD worked fine after that.
Thank Abhijit.
Regards,
Fahad
On Fri, May 7, 2021 at 11:39 PM Abhijit Roy <abroy(a)redhat.com> wrote:
Hello,
Only system error 4 is not sufficient. System error 4 most of the time
indicates an issue with kerberos.
Are you able to do # kinit -C ad_user/ldap_user@domain_name
You need to enable sssd debugging and need to check.
Thank you,
*Abhijit Roy*
He/Him/His
Technical Support Engineer
Red Hat Insights - Predict Risk. Get Guidance. Improve Security.
<
https://www.redhat.com/en/technologies/management/insights>
Red Hat Enterprise Linux 8. Any Cloud. Any Workload. One OS.
<
https://www.redhat.com/en/enterprise-linux-8>
<
https://red.ht/sig>
On Sat, May 8, 2021 at 12:51 AM Fahad Sayed <fsayed(a)afilias.info> wrote:
> Hello,
> We upgraded our LDAP/Kerberos servers to CentOS7. As a test we pointed a
> VM (that is configured to authenticate with ldap/kerberos) to new
> ldap/kerberos servers. However, we get system error 4 in /var/log/secur.
> Under the troubleshooting section of the site, we're asked to join this
> mailing list to figure out what is going on.
>
> Also, we tried to point back to the existing ldap/kerberos servers on our
> test VM, we still get the system error 4. The new ldap/kerberos servers are
> identical to the old ones. Please, advice us on how we can proceed with
> troubleshooting this issue. Thank you.
>
> -F
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
>
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
> Do not reply to spam on the list, report it:
>
https://pagure.io/fedora-infrastructure
>
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure