[Pkg-sssd-devel] Bug#1003067: sssd: ssd offline SASL: No worthy mechs found
leonardo
leone2000 at leone2000.net
Mon Jan 3 15:50:20 GMT 2022
Package: sssd
Version: 2.6.1-1
Severity: important
X-Debbugs-Cc: leone2000 at leone2000.net
Dear Maintainer,
I had some authentication problems, in /var/log/sssd/sssd_<MYDOMAIN>.log:
* (2022-01-02 0:01:25): [be[MYDOMAIN]] [sasl_bind_send] (0x0100): Executing sasl bind mech: GSS-SPNEGO, user: PCLEONOVO$
* (2022-01-02 0:01:25): [be[MYDOMAIN]] [ad_sasl_log] (0x0040): SASL: No worthy mechs found
********************** BACKTRACE DUMP ENDS HERE *********************************
(2022-01-02 0:01:25): [be[MYDOMAIN]] [sasl_bind_send] (0x0020): ldap_sasl_interactive_bind_s failed (-6)[Unknown authentication method]
(2022-01-02 0:01:25): [be[MYDOMAIN]] [sdap_cli_connect_recv] (0x0040): Unable to establish connection [1432158227]: Authentication Failed
********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
* (2022-01-02 0:01:25): [be[MYDOMAIN]] [sasl_bind_send] (0x0020): ldap_sasl_interactive_bind_s failed (-6)[Unknown authentication method]
* (2022-01-02 0:01:25): [be[MYDOMAIN]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-4): no mechanism available: No worthy mechs found]
* (2022-01-02 0:01:25): [be[MYDOMAIN]] [sdap_cli_connect_recv] (0x0040): Unable to establish connection [1432158227]: Authentication Failed
********************** BACKTRACE DUMP ENDS HERE *********************************
I tried to unjoin and now, when i try to join again, adcli returns:
* Using GSS-SPNEGO for SASL bind
! Couldn't authenticate to active directory: SASL(-4): no mechanism available: No worthy mechs found
adcli: couldn't connect to MYDOMAIN domain: Couldn't authenticate to active directory: SASL(-4): no mechanism available: No worthy mechs found
! Insufficient permissions to join the domain
realm: Couldn't join realm: Insufficient permissions to join the domain
This happened after upgrade from from 2.5.2 to 2.6.1 (no problem with 2.5.2), the AD domain is Windows 2012r2 patched with november 2021 updates.
-- System Information:
Debian Release: bookworm/sid
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.15.0-2-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages sssd depends on:
ii python3-sss 2.6.1-1
ii sssd-ad 2.6.1-1
ii sssd-common 2.6.1-1
ii sssd-ipa 2.6.1-1
ii sssd-krb5 2.6.1-1
ii sssd-ldap 2.6.1-1
ii sssd-proxy 2.6.1-1
sssd recommends no packages.
sssd suggests no packages.
-- no debconf information
More information about the Pkg-sssd-devel
mailing list