SSSD Kerberos AD Centos troubleshooting

active-directory centos6 sssd

Try installing and running msktutil (it is available through EPEL).

To install:

yum -y --enablerepo=epel install msktutil

To run it:

msktutil --auto-update --server my-ad --verbose

And run a kinit after that:

kinit -k server-new$

Also, You should cron these two jobs to run every 6 hours or so. That way your tickets do not expire.

Answer to EDIT4: you should be able to specify a server with net ads join -k -S, but by default it will search your DNS for SRV records. Which is fine. Unless you don't want that. If you want a specific site to use different DC's than another, look at Active Directory Sites & Services.


This is usually caused by canonicalization. Try adding:

rdns=false

to krb5.conf and also

SASL_NOCANON true

to ldap.conf

(both are already the default in RHEL-7).

Related

One VPC or many VPC's
2 separate postfix instances and confusion with IP's in received field of mail message
Python function to convert seconds into minutes, hours, and days
How do I set a variable to a index of a list?
Always include first line in grep
How do I correctly add type-hints to Mixin classes?
Errors broke app after updating to Xcode 13
ftp_rawlist returns false when connected [duplicate]
Enabling Activity Logs Diagnostic Settings using Terraform
What does `((void (*)())0x1000)();` mean? [duplicate]
how to use optional parameter in codeigniter
why is pdf from internal storage not showing in webview