Hello all, I have an IPA setup with AD and DNS resides on AD and am having issues authenticating with my clients.
Getting the Following error on my Clients: (Wed Mar 29 09:22:33 2017) [sssd[be[ipa.brad.local]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: GSSAPI, user: host/bradltest3.brad.local (Wed Mar 29 09:22:33 2017) [sssd[be[ipa.brad.local]]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error] (Wed Mar 29 09:22:33 2017) [sssd[be[ipa.brad.local]]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server krbtgt/brad.lo...@ipa.brad.LOCAL not found in Kerberos database)] I don't think it is DNS because i can resolve both the IPA server and the client [root@bradltest3 ~]# host homeipa01.brad.local homeipa01.brad.local has address 11.10.10.17 [root@bradltest3 ~]# host 11.10.10.17 17.10.10.11.in-addr.arpa domain name pointer ipa-ca.ipa.brad.local. 17.10.10.11.in-addr.arpa domain name pointer homeipa01.brad.local. 17.10.10.11.in-addr.arpa domain name pointer homeipa01.ipa.brad.local. [root@bradltest3 ~]# host bradltest3.brad.local bradltest3.brad.local has address 11.10.10.24 [root@bradltest3 ~]# host 11.10.10.24 24.10.10.11.in-addr.arpa domain name pointer bradltest3.brad.local. I am at a loss on where to look next and any help or direction would be much appreciated. Thank you all in advance, Bradley Bishop
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
