On Thu, Jun 15, 2017 at 08:35:59AM -0000, Rishat Teregulov wrote: > All logs too big > https://contattafiles.s3-us-west-1.amazonaws.com/tnt3511/wqtpj4q4fAwIX3p/sssd.logs
I see: (Thu Jun 15 08:34:24 2017) [sssd[be[AD.DOMAIN.EXAMPLE]]] [ad_sasl_log] (0x0040): SASL: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) (Thu Jun 15 08:34:24 2017) [sssd[be[AD.DOMAIN.EXAMPLE]]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error] (Thu Jun 15 08:34:24 2017) [sssd[be[AD.DOMAIN.EXAMPLE]]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)] (Thu Jun 15 08:34:24 2017) [sssd[be[AD.DOMAIN.EXAMPLE]]] [child_sig_handler] (0x1000): Waiting for child [18783]. (Thu Jun 15 08:34:24 2017) [sssd[be[AD.DOMAIN.EXAMPLE]]] [child_sig_handler] (0x0100): child [18783] finished successfully. (Thu Jun 15 08:34:24 2017) [sssd[be[AD.DOMAIN.EXAMPLE]]] [_be_fo_set_port_status] (0x8000): Setting status: PORT_NOT_WORKING. Called from: ../src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_recv: 2039 On older distributions, it used to help to set rdns=false in krb5.conf and SASL_NOCANON on in ldap.conf. But it might be helpful to run kinit -kt && ldapsearch -Y GSSAPI with KRB5_TRACE=/dev/stderr to check for more diagnostic messages. _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
