Sorry @compsos I didn’t mean to ping you when I copied your log.
I’m having this issue with my problem production server… my other servers, test, are all 693.5.2, does anyone know if this kernel corrects the issue? I ran into this while trying to update the dc… which failed with an auth error banner and this log;
Oct 28 16:48:21 server7c [sssd[ldap_child[17207]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Cannot contact any KDC for realm 'burbledo.COM'. Unable to create GSSAPI-encrypted LDAP connection.
Oct 28 16:48:21 server7c [sssd[ldap_child[17207]]]: Cannot contact any KDC for realm 'burbledo.COM'
Oct 28 16:48:22 server7c logger: Shorewall reloaded
Oct 28 16:48:22 server7c esmith::event[17079]: [NOTICE] Shorewall restart
Oct 28 16:48:22 server7c esmith::event[17079]: Action: /etc/e-smith/events/nethserver-firewall-base-save/S89nethserver-shorewall-restart SUCCESS [4.233884]
Oct 28 16:48:22 server7c systemd: Reloading.
Oct 28 16:48:22 server7c esmith::event[17079]: [INFO] service lsm is disabled: skipped
Oct 28 16:48:22 server7c esmith::event[17079]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [0.422545]
Oct 28 16:48:22 server7c esmith::event[17079]: Event: nethserver-firewall-base-save SUCCESS
Oct 28 16:48:22 server7c esmith::event[17078]: Action: /etc/e-smith/events/firewall-adjust/S20firewall-adjust SUCCESS [6.719383]
Oct 28 16:48:22 server7c esmith::event[17078]: Event: firewall-adjust SUCCESS
Oct 28 16:48:57 server7c httpd: [EXCEPTION] RuntimeException 1405610072: Nethgui\Model\SystemTasks: Socket read error (in /usr/share/nethesis/Nethgui/Model/SystemTasks.php:166)
Oct 28 16:49:04 server7c [sssd[ldap_child[17304]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Cannot contact any KDC for realm 'burbledo.COM'. Unable to create GSSAPI-encrypted LDAP connection.
Oct 28 16:49:04 server7c [sssd[ldap_child[17304]]]: Cannot contact any KDC for realm 'burbledo.COM'
Oct 28 16:49:27 server7c admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/20admin-user exit code 9
Oct 28 16:49:36 server7c httpd: [ERROR] NethServer\Tool\GroupProvider: Account provider generic error: SSSD exit code 1
Oct 28 16:49:36 server7c httpd: [ERROR] (1) SASL:[GSSAPI]: Failed to start authentication backend: NT_STATUS_INTERNAL_ERROR at /usr/share/perl5/vendor_perl/NethServer/LdapClient.pm line 126.
Oct 28 16:49:38 server7c sshd[17431]: Did not receive identification string from 192.168.124.107 port 51649
Oct 28 16:49:38 server7c [sssd[ldap_child[17438]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Cannot contact any KDC for realm 'burbledo.COM'. Unable to create GSSAPI-encrypted LDAP connection.
Oct 28 16:49:38 server7c [sssd[ldap_child[17438]]]: Cannot contact any KDC for realm 'burbledo.COM'
Oct 28 16:49:39 server7c admin-todos: (1) SASL:[GSSAPI]: Failed to start authentication backend: NT_STATUS_INTERNAL_ERROR at /usr/share/perl5/vendor_perl/NethServer/LdapClient.pm line 126.
Oct 28 16:50:21 server7c httpd: [ERROR] NethServer\Tool\GroupProvider: Account provider generic error: SSSD exit code 1
Oct 28 16:50:21 server7c httpd: [ERROR] (1) SASL:[GSSAPI]: Failed to start authentication backend: NT_STATUS_INTERNAL_ERROR at /usr/share/perl5/vendor_perl/NethServer/LdapClient.pm line 126.
Oct 28 16:50:23 server7c admin-todos: (1) SASL:[GSSAPI]: Failed to start authentication backend: NT_STATUS_INTERNAL_ERROR at /usr/share/perl5/vendor_perl/NethServer/LdapClient.pm line 126.
Since this is a production server I reverted back to the snapshot but then this issue came up and it took 2 reboots for proper operation… on 693.2.2, I haven’t backed down the kernel.
indent preformatted text by 4 spacesupdate failed: SERVFAIL
; TSIG error with server: tsig verify failure
update failed: SERVFAIL
; TSIG error with server: tsig verify failure
update failed: SERVFAIL
; TSIG error with server: tsig verify failure
update failed: SERVFAIL
: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
So, if 693.5.2 is good, I can update that and then update the dc I guess.