Thanks Rob.

/etc/krb5.conf.d/  was in fact missing from the client, which is still on 
CentOS 7.2 for reasons out of our control.
Other hosts that are CentOS 7.2 running IPA Client 4.2.0 also do not have the 
/etc/krb5.conf.d/ directory, but are running fine.  So maybe the 4.4 client 
requires that dir but is not making it on upgrade and the cause of the failure?


> On Jan 3, 2017, at 1:25 PM, Rob Crittenden <> wrote:
> Alan Latteri wrote:
>> Log is attached.
> Look and see if /etc/krb5.conf.d/ and
> /var/lib/sss/pubconf/krb5.include.d exist and are readable (and check
> for SELinux AVCs). I'm pretty sure this all runs as root so I doubt
> filesystem perms are an issue but who knows.
> You can also brute force things using strace -f to find out exactly what
> can't be read.
> rob

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to