Discussion:
[Freeipa-users] generic failure: GSSAPI Error: Unspecified GSS failure
Benoit Rousselle
2015-03-31 09:26:53 UTC
Permalink
hi,

I try to set the sudo password but I get a message : GSSAPI Error

What's mean this kind of message ?

ldappasswd -Y GSSAPI -S -h my_server
uid=sudo,cn=sysaccounts,cn=etc,dc=my_domain,dc=com
New password:
Re-enter new password:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more information (Ticket
expired)
Sumit Bose
2015-03-31 09:58:57 UTC
Permalink
Post by Benoit Rousselle
hi,
I try to set the sudo password but I get a message : GSSAPI Error
What's mean this kind of message ?
ldappasswd -Y GSSAPI -S -h my_server
uid=sudo,cn=sysaccounts,cn=etc,dc=my_domain,dc=com
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
Unspecified GSS failure. Minor code may provide more information (Ticket
expired)
'Ticket expired', so you either have to call kinit again to get a fresh
TGT or there is some severe time mismatch between the client and the
server.

HTH

bye,
Sumit
Post by Benoit Rousselle
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Andy Thompson
2015-03-31 14:13:55 UTC
Permalink
Post by Benoit Rousselle
I try to set the sudo password but I get a message : GSSAPI Error
What's mean this kind of message ?
ldappasswd -Y GSSAPI -S -h my_server
uid=sudo,cn=sysaccounts,cn=etc,dc=my_domain,dc=com
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
failure. Minor code may provide more information (Ticket expired)
Your kerberos ticket has expired. You need to get a new ticket using kinit and then try using gssapi.

-andy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Loading...