yum update from 7.5.1804 to 7.6.1810 breaks sssd

Support for security such as Firewalls and securing linux
Post Reply
tlee
Posts: 5
Joined: 2017/10/03 20:23:54

yum update from 7.5.1804 to 7.6.1810 breaks sssd

Post by tlee » 2018/12/06 15:57:35

I was able to join an AD domain just fine in 7.5.1804. Did an yum update to 7.6.1810 and it does not work anymore.

If I update after joining the domain, then cannot authenticate domain users after the update.

I get the following message when the domain join fails: (realm -v join -U myuser mydc.mydomain.com)

realmd: adcli: couldn't connect to mydomain.com domain: Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot allocate memory)

Note ... the user appears to authenticate ok but the join fails.

[root@myhost ~]# realm -v join -U svcaccount domainctrlr.foo.corp
* Resolving: _ldap._tcp.domainctrlr.foo.corp
* Resolving: domainctrlr.foo.corp
* Performing LDAP DSE lookup on: 10.1.1.1
* Successfully discovered: foo.corp
Password for svcaccount:
* Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/sbin/adcli
* LANG=C /usr/sbin/adcli join --verbose --domain foo.corp --domain-realm foo.corp --domain-controller 10.1.1.1 --login-type user --login-user svcaccount --stdin-password
* Using domain name: foo.corp
* Calculated computer account name from fqdn: MYHOST
* Using domain realm: foo.corp
* Sending netlogon pings to domain controller: cldap://10.1.1.1
* Received NetLogon info from: domainctrlr.foo.corp
* Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-gwN43N/krb5.d/adcli-krb5-conf-6LuR6I
* Authenticated as user: svcaccount@foo.corp
! Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot allocate memory)
adcli: couldn't connect to foo.corp domain: Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot allocate memory)
! Insufficient permissions to join the domain
realm: Couldn't join realm: Insufficient permissions to join the domain

Post Reply