May 12 07:00:33 neth13 [sssd[ldap_child[1733]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Cannot contact any KDC for realm 'AD.xxxxxxxxxx.AT'. Unable to create GSSAPI-encrypted LDAP connection.
@robb is right, there are many conditions that can raise that error (a generic LDAP client library failure, probably connected to the Kerberos authentication process). That’s the reason why it’s still untranslated. Look in past threads for more info.
BTW I opened a PR to translate it to human language: ldap client internal error
May 13 08:54:24 neth13 systemd: Started System Security Services Daemon.
May 13 08:54:24 neth13 realmd: * /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service
May 13 08:54:25 neth13 sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
May 13 08:54:25 neth13 sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
May 13 08:54:26 neth13 sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
May 13 08:54:26 neth13 systemd: Reloading.
May 13 08:54:26 neth13 sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
May 13 08:54:26 neth13 systemd: Reloading.
May 13 08:54:26 neth13 realmd: * Successfully enrolled machine in realm
May 13 08:54:26 neth13 sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
...
May 13 08:55:24 neth13 esmith::event[5390]: expanding /etc/shorewall/snat
May 13 08:55:24 neth13 esmith::event[5390]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [3.076049]
May 13 08:55:24 neth13 systemd: Reloading.
May 13 08:55:27 neth13 kernel: nf_log: can't load ipt_ULOG, conflicting nfnetlink_log already loaded
May 13 08:55:27 neth13 kernel: ipt_ULOG: ULOG: fail to register logger.
May 13 08:55:28 neth13 kernel: nf_log: can't load ipt_ULOG, conflicting nfnetlink_log already loaded
May 13 08:55:28 neth13 kernel: ipt_ULOG: ULOG: fail to register logger.
[root@neth13 ~]# journalctl -u sssd | grep 'tkey query'
May 13 08:54:25 neth13.mydomain.at sssd[4660]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
May 13 08:54:25 neth13.mydomain.at sssd[4660]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
May 13 08:54:26 neth13.mydomain.at sssd[4660]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
May 13 08:54:26 neth13.mydomain.at sssd[4660]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
May 13 08:54:26 neth13.mydomain.at sssd[4660]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
May 13 08:54:43 neth13.mydomain.at sssd[4809]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
May 13 08:54:43 neth13.mydomain.at sssd[4809]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
May 13 08:54:43 neth13.mydomain.at sssd[4809]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
May 13 08:54:43 neth13.mydomain.at sssd[4809]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
May 13 08:54:44 neth13.mydomain.at sssd[4809]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
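The logs quoted so far contain two different Kerberos failures from sssd, and the second one continues under a new sssd PID. As an added example (not part of the original thread and not NethServer code), this sketch groups such lines by failure signature and PID; the sample lines are copied from the thread, and the label names and hint texts are assumptions that give a general Kerberos reading, not a diagnosis of this server.

```python
import re

# General reading of each message (assumed labels/hints, not from the thread).
SIGNATURES = [
    ("kdc_unreachable", re.compile(r"Cannot contact any KDC for realm '[^']+'"),
     "no KDC could be located or reached: check DNS for the realm and DC availability"),
    ("unknown_service_principal", re.compile(r"Server not found in Kerberos database"),
     "KDC answered but has no principal for the requested service: check hostnames and DNS"),
]
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<rest>.*)$")
PID = re.compile(r"\[(\d+)\]")

def classify(lines):
    """Group matching syslog lines by (signature label, pid)."""
    groups = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        # Tag is e.g. "sssd[4660]" or "[sssd[ldap_child[1733]]]"; the PID is optional.
        tag, _, msg = m["rest"].partition(": ")
        for label, pattern, hint in SIGNATURES:
            if pattern.search(msg):
                pid = PID.search(tag)
                key = (label, pid.group(1) if pid else None)
                g = groups.setdefault(key, {"count": 0, "first": m["ts"], "hint": hint})
                g["count"] += 1
                g["last"] = m["ts"]
                break
    return groups

TKEY = ("tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code "
        "may provide more information, Minor = Server not found in Kerberos database.")
# Sample input: lines as quoted in the thread (realm masked as in the original post).
SAMPLE = [
    "May 12 07:00:33 neth13 [sssd[ldap_child[1733]]]: Failed to initialize credentials "
    "using keytab [MEMORY:/etc/krb5.keytab]: Cannot contact any KDC for realm "
    "'AD.xxxxxxxxxx.AT'. Unable to create GSSAPI-encrypted LDAP connection.",
    "May 13 08:54:24 neth13 systemd: Started System Security Services Daemon.",
    f"May 13 08:54:25 neth13.mydomain.at sssd[4660]: {TKEY}",
    f"May 13 08:54:26 neth13.mydomain.at sssd[4660]: {TKEY}",
    f"May 13 08:54:43 neth13.mydomain.at sssd[4809]: {TKEY}",
]

if __name__ == "__main__":
    for (label, pid), g in classify(SAMPLE).items():
        print(f"{label} pid={pid} x{g['count']} {g['first']} .. {g['last']}: {g['hint']}")
```

Seeing the same signature under two PIDs, as here, shows the failure survived an sssd restart rather than being a one-off at enrollment time.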
I just ran into another error_82 too. I had to remove the Samba4 account provider and re-add the accountprovider. Then recreate the users and groups.
Fortunately all data for mail (SOGo) was still in place and accessible for the new useraccounts.
What’s more important is that this can happen but shouldn’t happen again. Losing the accountprovider ‘suddenly’ is a very bad thing. And instead of recreating the Samba4 AD environment, it should be ‘repairable’. In my case it was just 5 users and 3 groups that needed re-creation. But in an environment with many users and email addresses, this is a situation you don’t want to get into.
BTW, this server does have ‘crostino service plan’ (delayed updates).
Thanks for pointing to @indra’s topic. Reading through it now.
Agreed, finding the root problem is essential. In my case the quickest way was re-installing the Samba4 AD account provider. But I also agree this is the worst option possible.