search for: sasl_bind_send

...solves to the *other* DC. I have been testing sssd on DC1 first of all. When the above DNS query resolves to DC1, I get: [be_resolve_server_process] (0x0200): Found address for server dc1.domain.tld: [1.2.3.4] TTL 900 [ldap_child_get_tgt_sync] (0x0100): Principal name is: [DC1$@DOMAIN.TLD] [...] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: DC1$ [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not fou...

...st of all. When the above DNS query >> resolves to DC1, I get: >> >> [be_resolve_server_process] (0x0200): Found address for server >> dc1.domain.tld: [1.2.3.4] TTL 900 >> [ldap_child_get_tgt_sync] (0x0100): Principal name is: [DC1$@DOMAIN.TLD] >> [...] >> [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: DC1$ >> [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error] >> [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): >> generic failure: GSSAPI Error: Unspecified GSS failure. Minor code >> may prov...

...been testing sssd on DC1 first of all. When the above DNS query > resolves to DC1, I get: > > [be_resolve_server_process] (0x0200): Found address for server > dc1.domain.tld: [1.2.3.4] TTL 900 > [ldap_child_get_tgt_sync] (0x0100): Principal name is: [DC1$@DOMAIN.TLD] > [...] > [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: DC1$ > [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error] > [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): > generic failure: GSSAPI Error: Unspecified GSS failure. Minor code > may provide more informa...

OK, I've got a little further and I think I have tracked this down to a reverse DNS issue - which was non-obvious to me, so here is a write-up for the benefit of the archives. The part that was failing was this: [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: dc1$ [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not fou...

...re DC's, everything works fine when the machine is first bound to the domain. Sssd caches the login info, but eventually this times out and another call to Samba has to be made to refresh the cache. The SASL bind to the directory fails with: (Wed Aug 29 11:40:56 2012) [sssd[be[SAMBA4]]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (49)[Invalid credentials] Some time later, it starts working again, presumably because the first DC popped up in the name resolution order once again. The client configuration is unchanged from the first (working) scenario. As I said, everything works perfectl...

In need of some help here. I hope I haven't trimmed this too much. As I mentioned before, I have a CentOS 6.3 system using SSSD (only) bound to the samba4 DC as an LDAP server using the following in sssd.conf: [domain/SAMBA] ldap_default_bind_dn = CN=Administrator,CN=Users,DC=... ldap_default_authtok = <supersecret> ldap_default_authtok_type = password ... and everything