Hi, Thank you for responding, but this issue is resolved. The problem was /etc/krb5.conf did not have proper (644) permissions. I should have tested by acquiring Kerberos TGT by running kinit. Unless ldapsearch and kinit work properly, SSSD will fail. Once, I fixed the permission on /etc/krb5.conf and was able to acquire TGT, SSSD worked fine after that. Thank Abhijit.
Regards, Fahad On Fri, May 7, 2021 at 11:39 PM Abhijit Roy <[email protected]> wrote: > Hello, > > Only system error 4 is not sufficient. System error 4 most of the time > indicates an issue with kerberos. > > Are you able to do # kinit -C ad_user/ldap_user@domain_name > > You need to enable sssd debugging and need to check. > > > Thank you, > > > *Abhijit Roy* > > He/Him/His > > Technical Support Engineer > > Red Hat Insights - Predict Risk. Get Guidance. Improve Security. > <https://www.redhat.com/en/technologies/management/insights> > > Red Hat Enterprise Linux 8. Any Cloud. Any Workload. One OS. > <https://www.redhat.com/en/enterprise-linux-8> > > <https://red.ht/sig> > > > On Sat, May 8, 2021 at 12:51 AM Fahad Sayed <[email protected]> wrote: > >> Hello, >> We upgraded our LDAP/Kerberos servers to CentOS7. As a test we pointed a >> VM (that is configured to authenticate with ldap/kerberos) to new >> ldap/kerberos servers. However, we get system error 4 in /var/log/secur. >> Under the troubleshooting section of the site, we're asked to join this >> mailing list to figure out what is going on. >> >> Also, we tried to point back to the existing ldap/kerberos servers on our >> test VM, we still get the system error 4. The new ldap/kerberos servers are >> identical to the old ones. Please, advice us on how we can proceed with >> troubleshooting this issue. Thank you. >> >> -F >> _______________________________________________ >> sssd-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] >> Do not reply to spam on the list, report it: >> https://pagure.io/fedora-infrastructure >> > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
