Hi all,

I've just built a RHEL 6.7 Beta VM to test the new SSSD release, and have come across a strange issue.

I can successfully kinit and join our AD domain with "net ads join -k" but sssd won't start. The logs contain:

[ad_set_ad_id_options] (0x0100): Option krb5_realm set to EXAMPLE.COM
[sdap_set_sasl_options] (0x0100): Will look for rhel67.example.com@EXAMPLE.COM in default keytab
[select_principal_from_keytab] (0x0200): trying to select the most appropriate principal from keytab
[find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
[find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
[find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
[find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
[find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
[find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
[find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
[select_principal_from_keytab] (0x0080): No suitable principal found in keytab
[select_principal_from_keytab] (0x0010): Failed to read keytab [default]: No such file or directory
[ad_set_ad_id_options] (0x0040): Cannot set the SASL-related options
[load_backend_module] (0x0010): Error (2) in module (ad) initialization (sssm_ad_id_init)!
[be_process_init] (0x0010): fatal error initializing data providers

Had a little feedback from Lukas, who suggested I ran "klist -kt". This gives:

# klist -kt
Keytab name: FILE:/etc/krb5.keytab
klist: No such file or directory while starting keytab scan

Any ideas?

John

--
John Beranek                         To generalise is to be an idiot.
http://redux.org.uk/                                 -- William Blake