Carl Pettersson (EXT BN) skrev den 2015-06-24 20:38:
>> No, it's a bug in SSSD.
>
>>
>
>> 6.6 is already quite old in SSSD terms, could you please try a newer
>
>> version from this COPR repo?
>
>>https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-12/
>
>>
>
>> 1.12.5 is more-or-less equivalent to what 6.7 will include..
>
> Thanks! I installed that version, and now I get a different error:
>
> (Wed Jun 24 20:21:26 2015) [sssd[be[AD.EXAMPLE.COM]]] [sasl_bind_send]
> (0x0100): Executing sasl bind mech: gssapi, user: MACHINE$
>
> (Wed Jun 24 20:21:26 2015) [sssd[be[AD.EXAMPLE.COM]]] [sasl_bind_send]
> (0x0020): ldap_sasl_bind failed (-2)[Local error]
>
> (Wed Jun 24 20:21:26 2015) [sssd[be[AD.EXAMPLE.COM]]] [sasl_bind_send]
> (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI
> Error: Unspecified GSS failure. Minor code may provide more
> information (Server not found in Kerberos database)]
>
Does MACHINE have a corresponding computer account in AD?
Regards
Davor
Yes (in the
ad.example.com domain)
> (Wed Jun 24 20:21:26 2015) [sssd[be[AD.EXAMPLE.COM]]]
> [child_sig_handler] (0x1000): Waiting for child [22372].
>
> (Wed Jun 24 20:21:26 2015) [sssd[be[AD.EXAMPLE.COM]]]
> [child_sig_handler] (0x0100): child [22372] finished successfully.
>
> (Wed Jun 24 20:21:26 2015) [sssd[be[AD.EXAMPLE.COM]]]
> [fo_set_port_status] (0x0100): Marking port 389 of server
> 'foo-ad02.a.foo.com' as 'not working'
>
> (I hope this gets threaded properly, I didn’t get the reply to my
> mailbox, but read your answer on the archive web)
>
> Best regards,
>
> Carl
>
>
>