gssproxy/gss failure spamming AD

Support for security such as Firewalls and securing linux
vtwin@cox.net
Posts: 10
Joined: 2017/02/16 16:41:29

gssproxy/gss failure spamming AD

Postby vtwin@cox.net » 2017/10/18 12:52:02

Not sure if this belongs under networking or under security.

For about 6 months I've had a series of my Centos 7 servers configured with realmd / sssd to allow user authentication against my active directory domain. This has worked exceptionally well with little problems.

The past few days, a few servers have started hammering active directory attempting to authenticate a non-existent account, "host". At first, I thought perhaps someone was attempting to log in through sshd as "host", but, checking the log files on these servers, I see dozens of the following error messages in my log file, roughly every 5 minutes:

gssproxy[pid]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information,
Client 'host/myhostname.mydomain.com@mydomain.com' not found in Kerberos database

I have a dozen other servers which are set up the exact same way which are not generating this error. I have no idea what is causing it, or how to rectify it. I've tried removing the machine from AD (realm leave) and re-adding it, doesn't fix the problem.

I should note that the system seems to be operating normally (people logging in etc)

Any assistance would be appreciated.

vtwin@cox.net
Posts: 10
Joined: 2017/02/16 16:41:29

Re: gssproxy/gss failure spamming AD

Postby vtwin@cox.net » 2017/10/25 13:25:50

Bump.

Anyone?

For the moment, I removed the nfs-server and nfs-client conf files in /etc/gssproxy, which seems to eliminate the error... but I have no idea why it is occurring on this machine to begin with, since I do not use kerberos authentication with nfs at all anywhere.