I’m encountering a strange problem on some of my Ubuntu 14.0.4 LTS servers. I have yet to encounter the same problem on any of the CentOS or RHEL6/7 servers.

 

After a few days of working fine, all of the sudden users can’t log in. I can fix the problem easily by using ‘realm leave’ and ‘realm join’, but this isn’t optimal since users can go a day or two before it gets fixed. I thought at first it was clock drift causing a problem with the Kerberos ticket, but this last time I made sure to check the date before I rejoined the realm.

 

Oct 19 10:16:30 myserver [sssd[ldap_child[19092]]]: Preauthentication failed

Oct 19 10:16:31 myserver [sssd[ldap_child[19093]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.

 

sssd 1.12.5

 

Any ideas?