[Freeipa-users] "Failed to initialize credentials using keytab [default]" errors on functioning clients
Jakub Hrozek
jhrozek at redhat.com
Wed Feb 3 07:30:45 UTC 2016
On Tue, Feb 02, 2016 at 04:59:37PM -0800, Terence Kent wrote:
> Hello,
>
> We’ve been using SSSD with FreeIPA very successfully for a while now - we love it. Recently, we’ve noticed that all our linux hosts (All Ubuntu 14.04) log the following message pretty regularly (several dozen times per day):
>
> "Failed to initialize credentials using keytab [default]: Generic error (see e-text). Unable to create GSSAPI-encrypted LDAP connection.”
>
> Now, outside of this message, we have no symptoms that things aren’t functioning properly. SSSD is properly recognizing changes whenever we update our FreeIPA server.
>
> Can anyone point us in the right direction on how to fix this issue? So far, we’ve done the following:
>
> 1. Verified the /etc/krb5.keytab seems to be fine (and it does).
with kinit -k, right?
> 2. Verified that changes to our FreeIPA servers properly get replicated to the clients.
strange, I would have thought that this would cause the client to go
offline. Can you send the complete logs? Ideally ldap_child.log and
sssd_$domain.log
More information about the Freeipa-users
mailing list