yum update from 7.5.1804 to 7.6.1810 breaks sssd

Support for security such as Firewalls and securing linux
Post Reply
tlee
Posts: 5
Joined: 2017/10/03 20:23:54

yum update from 7.5.1804 to 7.6.1810 breaks sssd

Post by tlee » 2018/12/06 15:57:35

I was able to join an AD domain just fine in 7.5.1804. Did an yum update to 7.6.1810 and it does not work anymore.

If I update after joining the domain, then cannot authenticate domain users after the update.

I get the following message when the domain join fails: (realm -v join -U myuser mydc.mydomain.com)

realmd: adcli: couldn't connect to mydomain.com domain: Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot allocate memory)

Note ... the user appears to authenticate ok but the join fails.

[root@myhost ~]# realm -v join -U svcaccount domainctrlr.foo.corp
* Resolving: _ldap._tcp.domainctrlr.foo.corp
* Resolving: domainctrlr.foo.corp
* Performing LDAP DSE lookup on: 10.1.1.1
* Successfully discovered: foo.corp
Password for svcaccount:
* Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/sbin/adcli
* LANG=C /usr/sbin/adcli join --verbose --domain foo.corp --domain-realm foo.corp --domain-controller 10.1.1.1 --login-type user --login-user svcaccount --stdin-password
* Using domain name: foo.corp
* Calculated computer account name from fqdn: MYHOST
* Using domain realm: foo.corp
* Sending netlogon pings to domain controller: cldap://10.1.1.1
* Received NetLogon info from: domainctrlr.foo.corp
* Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-gwN43N/krb5.d/adcli-krb5-conf-6LuR6I
* Authenticated as user: svcaccount@foo.corp
! Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot allocate memory)
adcli: couldn't connect to foo.corp domain: Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot allocate memory)
! Insufficient permissions to join the domain
realm: Couldn't join realm: Insufficient permissions to join the domain

ccheltenham
Posts: 12
Joined: 2018/12/05 15:21:23

Re: yum update from 7.5.1804 to 7.6.1810 breaks sssd

Post by ccheltenham » 2018/12/10 19:07:58

My friend, you are not the only one where the 7.6 upgrade has broken sssd.
I wish i had an answer but it good to know I was not the only one.

User avatar
TrevorH
Forum Moderator
Posts: 26971
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: yum update from 7.5.1804 to 7.6.1810 breaks sssd

Post by TrevorH » 2018/12/10 21:04:16

Try yum --enablerepo=C7.5.1804-base,C7.5.1804-updates downgrade krb5-libs
CentOS 5 died in March 2017 - migrate NOW!
CentOS 6 goes EOL sooner rather than later, get upgrading!
Full time Geek, part time moderator. Use the FAQ Luke

Post Reply

Return to “CentOS 7 - Security Support”