On Thu, May 07, 2015 at 11:35:21AM +0100, John Beranek wrote:
Hi all,
I've just built a RHEL 6.7 Beta VM to test the new SSSD release, and have come across a strange issue.
I can successfully kinit and join our AD domain with "net ads join -k" but sssd won't start. The logs contain:
you have to make sure that net ads join really creates a keytab. Please check 'kerberos method' in the smb.conf man page. By default the keys are written only to samba's internal secrets.tdb.
As an alternative you might want to consider using the realm command to join the AD domain.
HTH
bye, Sumit
[ad_set_ad_id_options] (0x0100): Option krb5_realm set to EXAMPLE.COM [sdap_set_sasl_options] (0x0100): Will look for rhel67.example.com@EXAMPLE.COM in default keytab [select_principal_from_keytab] (0x0200): trying to select the most appropriate principal from keytab [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed. [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed. [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed. [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed. [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed. [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed. [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed. [select_principal_from_keytab] (0x0080): No suitable principal found in keytab [select_principal_from_keytab] (0x0010): Failed to read keytab [default]: No such file or directory [ad_set_ad_id_options] (0x0040): Cannot set the SASL-related options [load_backend_module] (0x0010): Error (2) in module (ad) initialization (sssm_ad_id_init)! [be_process_init] (0x0010): fatal error initializing data providers
Had a little feedback from Lukas, who suggested I ran "klist -kt". This gives:
# klist -kt Keytab name: FILE:/etc/krb5.keytab klist: No such file or directory while starting keytab scan
Any ideas?
John
-- John Beranek To generalise is to be an idiot. http://redux.org.uk/ -- William Blake
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users