On Thu, Aug 11, 2016 at 03:08:35PM -0700, Robert Moulton wrote: > On a CentOS 6 system we recently implemented sssd auth against an AD domain > (Samba 4 AD, specifically). The system messages log often shows flurries of > these GSSAPI errors: > > sssd[be[notarealdomain.com]]: GSSAPI Error: Invalid token was supplied > (Token header is malformed or corrupt)
I'm sorry, I've never seen this error. But what you can do is to kinit with the keytab using KRB5_TRACE=/dev/stderr and then search the AD DC/Samba DC with -Y GSSAPI (again prepending KRB5_TRACE=/dev/stderr) and see if more helpful errors appear. > > Any idea what might be wrong? Troubleshooting tips? (We don't have much > experience with sssd, admittedly.) > > When the flurries happen, system load increases markedly, and we suspect > that a recent system crash was related. > > Our sssd.conf: > > ---------- > [sssd] > services = nss, pam > config_file_version = 2 > domains = notarealdomain.com > [nss] > [pam] > [domain/notarealdomain.com] > id_provider = ad > access_provider = ad > ldap_id_mapping=false > krb5_keytab=/etc/krb5.sssd.keytab > ---------- > > thanks in advance, > -r > _______________________________________________ > sssd-users mailing list > [email protected] > https://lists.fedorahosted.org/admin/lists/[email protected] _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
