Hi all,
I've just built a RHEL 6.7 Beta VM to test the new SSSD release, and have come across a strange issue.
I can successfully kinit and join our AD domain with "net ads join -k" but sssd won't start. The logs contain:
[ad_set_ad_id_options] (0x0100): Option krb5_realm set to EXAMPLE.COM [sdap_set_sasl_options] (0x0100): Will look for rhel67.example.com@EXAMPLE.COM in default keytab [select_principal_from_keytab] (0x0200): trying to select the most appropriate principal from keytab [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed. [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed. [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed. [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed. [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed. [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed. [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed. [select_principal_from_keytab] (0x0080): No suitable principal found in keytab [select_principal_from_keytab] (0x0010): Failed to read keytab [default]: No such file or directory [ad_set_ad_id_options] (0x0040): Cannot set the SASL-related options [load_backend_module] (0x0010): Error (2) in module (ad) initialization (sssm_ad_id_init)! [be_process_init] (0x0010): fatal error initializing data providers
Had a little feedback from Lukas, who suggested I ran "klist -kt". This gives:
# klist -kt Keytab name: FILE:/etc/krb5.keytab klist: No such file or directory while starting keytab scan
Any ideas?
John