On Tue, Feb 02, 2016 at 04:59:37PM -0800, Terence Kent wrote: > Hello, > > We’ve been using SSSD with FreeIPA very successfully for a while now - we > love it. Recently, we’ve noticed that all our linux hosts (All Ubuntu 14.04) > log the following message pretty regularly (several dozen times per day): > > "Failed to initialize credentials using keytab [default]: Generic error (see > e-text). Unable to create GSSAPI-encrypted LDAP connection.” > > Now, outside of this message, we have no symptoms that things aren’t > functioning properly. SSSD is properly recognizing changes whenever we update > our FreeIPA server. > > Can anyone point us in the right direction on how to fix this issue? So far, > we’ve done the following: > > 1. Verified the /etc/krb5.keytab seems to be fine (and it does).
with kinit -k, right? > 2. Verified that changes to our FreeIPA servers properly get replicated to > the clients. strange, I would have thought that this would cause the client to go offline. Can you send the complete logs? Ideally ldap_child.log and sssd_$domain.log -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project