[Pkg-sssd-devel] Bug#1003067: Bug#1003067: sssd: ssd offline SASL: No worthy mechs found

Timo Aaltonen tjaalton at debian.org
Tue Jan 4 08:37:59 GMT 2022 

On 3.1.2022 17.50, leonardo wrote:
> Package: sssd
> Version: 2.6.1-1
> Severity: important
> X-Debbugs-Cc: leone2000 at leone2000.net
> 
> Dear Maintainer,
> 
> I had some authentication problems, in /var/log/sssd/sssd_<MYDOMAIN>.log:
> 
>     *  (2022-01-02  0:01:25): [be[MYDOMAIN]] [sasl_bind_send] (0x0100): Executing sasl bind mech: GSS-SPNEGO, user: PCLEONOVO$
>     *  (2022-01-02  0:01:25): [be[MYDOMAIN]] [ad_sasl_log] (0x0040): SASL: No worthy mechs found
> ********************** BACKTRACE DUMP ENDS HERE *********************************
> 
> (2022-01-02  0:01:25): [be[MYDOMAIN]] [sasl_bind_send] (0x0020): ldap_sasl_interactive_bind_s failed (-6)[Unknown authentication method]
> (2022-01-02  0:01:25): [be[MYDOMAIN]] [sdap_cli_connect_recv] (0x0040): Unable to establish connection [1432158227]: Authentication Failed
> ********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
>     *  (2022-01-02  0:01:25): [be[MYDOMAIN]] [sasl_bind_send] (0x0020): ldap_sasl_interactive_bind_s failed (-6)[Unknown authentication method]
>     *  (2022-01-02  0:01:25): [be[MYDOMAIN]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-4): no mechanism available: No worthy mechs found]
>     *  (2022-01-02  0:01:25): [be[MYDOMAIN]] [sdap_cli_connect_recv] (0x0040): Unable to establish connection [1432158227]: Authentication Failed
> ********************** BACKTRACE DUMP ENDS HERE *********************************
> 
> I tried to unjoin and now, when i try to join again, adcli returns:
> 
>   * Using GSS-SPNEGO for SASL bind
>   ! Couldn't authenticate to active directory: SASL(-4): no mechanism available: No worthy mechs found
> adcli: couldn't connect to MYDOMAIN domain: Couldn't authenticate to active directory: SASL(-4): no mechanism available: No worthy mechs found
>   ! Insufficient permissions to join the domain
> realm: Couldn't join realm: Insufficient permissions to join the domain
> 
> This happened after upgrade from from 2.5.2 to 2.6.1 (no problem with 2.5.2), the AD domain is Windows 2012r2 patched with november 2021 updates.
> 
> 
> -- System Information:
> Debian Release: bookworm/sid
>    APT prefers stable-security
>    APT policy: (500, 'stable-security'), (500, 'testing'), (500, 'stable')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 5.15.0-2-amd64 (SMP w/4 CPU threads)
> Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
> 
> Versions of packages sssd depends on:
> ii  python3-sss  2.6.1-1
> ii  sssd-ad      2.6.1-1
> ii  sssd-common  2.6.1-1
> ii  sssd-ipa     2.6.1-1
> ii  sssd-krb5    2.6.1-1
> ii  sssd-ldap    2.6.1-1
> ii  sssd-proxy   2.6.1-1
> 
> sssd recommends no packages.
> 
> sssd suggests no packages.
> 
> -- no debconf information
> 
> _______________________________________________
> Pkg-sssd-devel mailing list
> Pkg-sssd-devel at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-sssd-devel
> 

this is caused by cyrus-sasl2, see:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000152


-- 
t

More information about the Pkg-sssd-devel mailing list