debug steps have been tried:
1 kinit is workable:
# /usr/kerberos/bin/kinit -k host/client02.stg.example....@example.net
# /usr/kerberos/bin/klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host/client02.stg.example....@example.net
Valid starting Expires Service principal
11/10/16 09:18:00 11/11/16 09:17:35 krbtgt/example....@example.net
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
2 ldapwhoami with krb auth failed.
# ldapwhoami -Y GSSAPI -h ipaslave.stg.example.net
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (Mutual authentication
failed)
Matrix
------------------ Original ------------------
From: "Matrix";<matrix...@qq.com>;
Date: Thu, Nov 10, 2016 02:11 PM
To: "freeipa-users"<freeipa-users@redhat.com>;
Subject: [Freeipa-users] sssd failed with 'ldap_sasl_bind failed
(-2)[Localerror]'
Hi,
I have installed sssd in a RHEL5 client.
ipa-client/sssd version:
ipa-client-2.1.3-7.el5
sssd-client-1.5.1-71.el5
sssd-1.5.1-71.el5
sssd failed to get ipa user info with 'ldap_sasl_bind failed (-2)[Local
error]'.
(Thu Nov 10 05:52:45 2016) [sssd[be[stg.example.net]]] [sasl_bind_send] (4):
Executing sasl bind mech: GSSAPI, user: host/client02.stg.example.net
(Thu Nov 10 05:52:45 2016) [sssd[be[stg.example.net]]] [sasl_bind_send] (1):
ldap_sasl_bind failed (-2)[Local error]
(Thu Nov 10 05:52:45 2016) [sssd[be[stg.example.net]]] [child_sig_handler] (7):
Waiting for child [11117].
(Thu Nov 10 05:52:45 2016) [sssd[be[stg.example.net]]] [child_sig_handler] (4):
child [11117] finished successfully.
I have tried to google to find root cause. some link explained it should be
something wrong with dns. I have double confirmed it.
# nslookup client02.stg.example.net
Server: 10.2.1.21
Address: 10.2.1.21#53
Name: client02.stg.example.net
Address: 10.2.3.32
# nslookup 10.2.3.32
Server: 10.2.1.21
Address: 10.2.1.21#53
32.3.2.10.in-addr.arpa name = client02.stg.example.net.
# nslookup ipaslave.stg.example.net
Server: 10.2.1.21
Address: 10.2.1.21#53
Name: ipaslave.stg.example.net
Address: 10.2.1.250
# nslookup 10.2.1.250
Server: 10.2.1.21
Address: 10.2.1.21#53
250.1.2.10.in-addr.arpa name = ipaslave.stg.example.net.
Any hints or troubleshooting ideas would be appreciated.
Matrix
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project