Team,
I am getting the following message. After joining the server to the domain, I am still unable to log in to the server using my AD account. Please help.
Jan 20 11:25:10 non-prod sssd[ldap_child[32592]][32592]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client's credentials have been revoked. Unable to create GSSAPI-encrypted LDAP connection.
FYI- CentOS - 7.9
Unable to create GSSAPI-encrypted LDAP connection
Re: Unable to create GSSAPI-encrypted LDAP connection
The problem is with a Linux server: I am unable to log in to the server using an AD account, and I can see that message in the sssd service status (systemctl status sssd.service).
Re: Unable to create GSSAPI-encrypted LDAP connection
I am not familiar with AD, but doesn't it have machine accounts? My reading of the message is that the machine account on the AD server is the problem.
Re: Unable to create GSSAPI-encrypted LDAP connection
I suspect your Kerberos ticket is expired. Make sure your date/time is correct on both machines. Don't use it myself but I think the util needed to renew/replace it is kinit(?).
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Unable to create GSSAPI-encrypted LDAP connection
Issue resolved. Removing the computer from the OU in AD and re-joining the server to the domain resolved the issue.
RHEL 7/8
1. Take a backup of existing /etc/sssd/sssd.conf file:
# cp /etc/sssd/sssd.conf /tmp/sssd.bak
2. Then remove the system from domain using realm command as:
# realm leave
3. Make sure the old Keytab is deleted:
# rm /etc/krb5.keytab
4. Removed computer OU from AD server
5. Join the system to AD domain again.
Thank you all for your support.
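Added example, not part of the original thread or any poster's code: a triage helper that tells the causes raised in the replies apart (machine account, clock skew, stale keytab) before leaving and re-joining the domain. The function names, the EXAMPLE.COM realm and the sample klist output are constructed; the cause labels are a reading of the standard MIT Kerberos error texts.

```shell
#!/bin/sh
# Added example: triage for the sssd ldap_child keytab failure shown in this thread.
# Constructed sample of `klist -k /etc/krb5.keytab` output (host and realm are made up).
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------
   2 host/non-prod.example.com@EXAMPLE.COM
   2 NON-PROD$@EXAMPLE.COM'

# Read `klist -k` output on stdin and print the machine-account principal
# (SHORTNAME$@REALM), skipping service principals such as host/fqdn@REALM.
machine_principal() {
    awk '$1 ~ /^[0-9]+$/ && index($2, "/") == 0 && $2 ~ /\$@/ { print $2; exit }'
}

# Map a kinit or ldap_child error message to the cause it points at.
classify_krb_error() {
    case "$1" in
        *"credentials have been revoked"*)  echo "account-disabled-locked-or-expired" ;;
        *"Clock skew too great"*)           echo "clock-skew" ;;
        *"Preauthentication failed"*)       echo "stale-keytab-key" ;;
        *"not found in Kerberos database"*) echo "account-missing" ;;
        *)                                  echo "unknown" ;;
    esac
}

# Live check, run as root on the joined host: request a TGT with the keytab
# into a throwaway cache and report "ok" or the classified failure.
check_keytab() {
    keytab=${1:-/etc/krb5.keytab}
    princ=$(klist -k "$keytab" 2>/dev/null | machine_principal)
    [ -n "$princ" ] || { echo "no-machine-principal"; return 1; }
    cache=$(mktemp) || return 1
    if err=$(kinit -k -t "$keytab" -c "FILE:$cache" "$princ" 2>&1); then
        result=ok
    else
        result=$(classify_krb_error "$err")
    fi
    rm -f "$cache"
    echo "$result"
    [ "$result" = ok ]
}
```

Calling `check_keytab` with no argument tests /etc/krb5.keytab; a result other than `ok` or `clock-skew` means the computer object in AD or the keytab needs attention, which is what the re-join in the steps above replaces.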