[Freeipa-users] sssd failed with 'ldap_sasl_bind failed (-2)[Local error]'
Matrix
matrix.zj at qq.com
Thu Nov 10 09:22:26 UTC 2016
Debug steps that have been tried:
1. kinit is workable:
# /usr/kerberos/bin/kinit -k host/client02.stg.example.net@EXAMPLE.NET
# /usr/kerberos/bin/klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host/client02.stg.example.net@EXAMPLE.NET
Valid starting     Expires            Service principal
11/10/16 09:18:00  11/11/16 09:17:35  krbtgt/EXAMPLE.NET@EXAMPLE.NET
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
2. ldapwhoami with krb auth failed.
# ldapwhoami -Y GSSAPI -h ipaslave.stg.example.net
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Mutual authentication failed)
Matrix
------------------ Original ------------------
From: "Matrix";<matrix.zj at qq.com>;
Date: Thu, Nov 10, 2016 02:11 PM
To: "freeipa-users"<freeipa-users at redhat.com>;
Subject: [Freeipa-users] sssd failed with 'ldap_sasl_bind failed (-2)[Local error]'
Hi,
I have installed sssd on a RHEL5 client.
ipa-client/sssd version:
ipa-client-2.1.3-7.el5
sssd-client-1.5.1-71.el5
sssd-1.5.1-71.el5
sssd failed to get ipa user info with 'ldap_sasl_bind failed (-2)[Local error]'.
(Thu Nov 10 05:52:45 2016) [sssd[be[stg.example.net]]] [sasl_bind_send] (4): Executing sasl bind mech: GSSAPI, user: host/client02.stg.example.net
(Thu Nov 10 05:52:45 2016) [sssd[be[stg.example.net]]] [sasl_bind_send] (1): ldap_sasl_bind failed (-2)[Local error]
(Thu Nov 10 05:52:45 2016) [sssd[be[stg.example.net]]] [child_sig_handler] (7): Waiting for child [11117].
(Thu Nov 10 05:52:45 2016) [sssd[be[stg.example.net]]] [child_sig_handler] (4): child [11117] finished successfully.
I have tried to google to find the root cause. Some links explained it should be something wrong with DNS. I have double confirmed it.
# nslookup client02.stg.example.net
Server: 10.2.1.21
Address: 10.2.1.21#53
Name: client02.stg.example.net
Address: 10.2.3.32
# nslookup 10.2.3.32
Server: 10.2.1.21
Address: 10.2.1.21#53
32.3.2.10.in-addr.arpa name = client02.stg.example.net.
# nslookup ipaslave.stg.example.net
Server: 10.2.1.21
Address: 10.2.1.21#53
Name: ipaslave.stg.example.net
Address: 10.2.1.250
# nslookup 10.2.1.250
Server: 10.2.1.21
Address: 10.2.1.21#53
250.1.2.10.in-addr.arpa name = ipaslave.stg.example.net.
Any hints or troubleshooting ideas would be appreciated.
Matrix