Debug steps that have been tried:

1. kinit works:
# /usr/kerberos/bin/kinit -k host/client02.stg.example....@example.net

# /usr/kerberos/bin/klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host/client02.stg.example....@example.net

Valid starting     Expires            Service principal
11/10/16 09:18:00  11/11/16 09:17:35  krbtgt/example....@example.net

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

2. ldapwhoami with krb auth failed.

# ldapwhoami -Y GSSAPI -h ipaslave.stg.example.net
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Mutual authentication failed)


Matrix

------------------ Original ------------------
From:  "Matrix";<matrix...@qq.com>;
Date:  Thu, Nov 10, 2016 02:11 PM
To:  "freeipa-users"<freeipa-users@redhat.com>; 

Subject:  [Freeipa-users] sssd failed with 'ldap_sasl_bind failed (-2)[Local error]'



Hi, 

I have installed sssd in a RHEL5 client. 

ipa-client/sssd version:
ipa-client-2.1.3-7.el5
sssd-client-1.5.1-71.el5
sssd-1.5.1-71.el5

sssd failed to get ipa user info with 'ldap_sasl_bind failed (-2)[Local 
error]'. 

(Thu Nov 10 05:52:45 2016) [sssd[be[stg.example.net]]] [sasl_bind_send] (4): Executing sasl bind mech: GSSAPI, user: host/client02.stg.example.net
(Thu Nov 10 05:52:45 2016) [sssd[be[stg.example.net]]] [sasl_bind_send] (1): ldap_sasl_bind failed (-2)[Local error]
(Thu Nov 10 05:52:45 2016) [sssd[be[stg.example.net]]] [child_sig_handler] (7): Waiting for child [11117].
(Thu Nov 10 05:52:45 2016) [sssd[be[stg.example.net]]] [child_sig_handler] (4): child [11117] finished successfully.

I have tried to google to find the root cause. Some links explained it should be
something wrong with DNS. I have double-confirmed it.

# nslookup client02.stg.example.net
Server:         10.2.1.21
Address:        10.2.1.21#53

Name:   client02.stg.example.net
Address: 10.2.3.32


# nslookup 10.2.3.32
Server:         10.2.1.21
Address:        10.2.1.21#53

32.3.2.10.in-addr.arpa  name = client02.stg.example.net.


# nslookup ipaslave.stg.example.net
Server:         10.2.1.21
Address:        10.2.1.21#53

Name:   ipaslave.stg.example.net
Address: 10.2.1.250

# nslookup 10.2.1.250
Server:         10.2.1.21
Address:        10.2.1.21#53

250.1.2.10.in-addr.arpa name = ipaslave.stg.example.net.

Any hints or troubleshooting ideas would be appreciated. 

Matrix