Unable to create GSSAPI-encrypted LDAP connection

UCS - Univention Corporate Server
, ,
#1

Hi@all,

I have been searching my fingers since yesterday but have not found a solution. I had this problem (or similar) before but also then no solution found.

I have an Ubuntu 23.04 VM that I can run with:

into the domain. Everything works as well. I can login with all ADS users on the machine, getent passwd returns all domain users. However, I constantly have this error in the log:

Mai 13 10:05:35 media01 ldap_child[998]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.

My search showed that there is something wrong with the version number (KVNO) but I don’t see an error. On the Ubuntu client:

root@media01:~# klist -k -t /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
  12 17.01.2023 09:29:00 MEDIA01$@LAN.INTERN.LAN
  12 17.01.2023 09:29:00 MEDIA01$@LAN.INTERN.LAN
  12 17.01.2023 09:29:00 host/MEDIA01@LAN.INTERN.LAN
  13 16.02.2023 18:40:33 MEDIA01$@LAN.INTERN.LAN
  12 17.01.2023 09:29:00 host/MEDIA01@LAN.INTERN.LAN
  13 16.02.2023 18:40:33 MEDIA01$@LAN.INTERN.LAN
  13 16.02.2023 18:40:33 host/MEDIA01@LAN.INTERN.LAN
  13 16.02.2023 18:40:33 host/MEDIA01@LAN.INTERN.LAN
  12 17.01.2023 09:29:00 RestrictedKrbHost/MEDIA01@LAN.INTERN.LAN
  12 17.01.2023 09:29:00 RestrictedKrbHost/MEDIA01@LAN.INTERN.LAN
  13 16.02.2023 18:40:33 MEDIA01$@LAN.INTERN.LAN
  13 16.02.2023 18:40:33 RestrictedKrbHost/MEDIA01@LAN.INTERN.LAN
  13 13.05.2023 08:47:14 MEDIA01$@LAN.INTERN.LAN
  13 13.05.2023 08:47:14 MEDIA01$@LAN.INTERN.LAN
  12 17.01.2023 09:29:00 MEDIA01$@LAN.INTERN.LAN
  12 13.05.2023 08:28:51 host/MEDIA01@LAN.INTERN.LAN
  12 13.05.2023 08:28:51 host/MEDIA01@LAN.INTERN.LAN
  13 16.02.2023 18:40:33 host/MEDIA01@LAN.INTERN.LAN
  13 16.02.2023 18:40:33 RestrictedKrbHost/MEDIA01@LAN.INTERN.LAN
  13 13.05.2023 08:47:14 host/MEDIA01@LAN.INTERN.LAN
  13 16.02.2023 18:40:33 RestrictedKrbHost/MEDIA01@LAN.INTERN.LAN
  13 13.05.2023 08:47:14 host/MEDIA01@LAN.INTERN.LAN
  12 17.01.2023 09:29:00 host/MEDIA01@LAN.INTERN.LAN
  12 17.01.2023 09:29:00 RestrictedKrbHost/MEDIA01@LAN.INTERN.LAN
  12 13.05.2023 08:28:51 host/MEDIA01@LAN.INTERN.LAN
  13 13.05.2023 08:47:14 MEDIA01$@LAN.INTERN.LAN
  13 13.05.2023 08:47:14 RestrictedKrbHost/MEDIA01@LAN.INTERN.LAN
  13 13.05.2023 08:47:14 host/MEDIA01@LAN.INTERN.LAN
  13 13.05.2023 08:47:14 RestrictedKrbHost/MEDIA01@LAN.INTERN.LAN
  13 13.05.2023 08:47:14 RestrictedKrbHost/MEDIA01@LAN.INTERN.LAN

Can anyone tell me what the problem is?

with best
sven

#2

Here:

https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/E56HE4265CAS5MY4VEOKVKCOOJTWDBNV/

the behavior is described. However, the commands used there are not available on UCS

Mastodon