On 3.1.2022 17.50, leonardo wrote:
Package: sssd Version: 2.6.1-1 Severity: important X-Debbugs-Cc: leone2...@leone2000.netDear Maintainer, I had some authentication problems, in /var/log/sssd/sssd_<MYDOMAIN>.log: * (2022-01-02 0:01:25): [be[MYDOMAIN]] [sasl_bind_send] (0x0100): Executing sasl bind mech: GSS-SPNEGO, user: PCLEONOVO$ * (2022-01-02 0:01:25): [be[MYDOMAIN]] [ad_sasl_log] (0x0040): SASL: No worthy mechs found ********************** BACKTRACE DUMP ENDS HERE ********************************* (2022-01-02 0:01:25): [be[MYDOMAIN]] [sasl_bind_send] (0x0020): ldap_sasl_interactive_bind_s failed (-6)[Unknown authentication method] (2022-01-02 0:01:25): [be[MYDOMAIN]] [sdap_cli_connect_recv] (0x0040): Unable to establish connection [1432158227]: Authentication Failed ********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE: * (2022-01-02 0:01:25): [be[MYDOMAIN]] [sasl_bind_send] (0x0020): ldap_sasl_interactive_bind_s failed (-6)[Unknown authentication method] * (2022-01-02 0:01:25): [be[MYDOMAIN]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-4): no mechanism available: No worthy mechs found] * (2022-01-02 0:01:25): [be[MYDOMAIN]] [sdap_cli_connect_recv] (0x0040): Unable to establish connection [1432158227]: Authentication Failed ********************** BACKTRACE DUMP ENDS HERE ********************************* I tried to unjoin and now, when i try to join again, adcli returns: * Using GSS-SPNEGO for SASL bind ! Couldn't authenticate to active directory: SASL(-4): no mechanism available: No worthy mechs found adcli: couldn't connect to MYDOMAIN domain: Couldn't authenticate to active directory: SASL(-4): no mechanism available: No worthy mechs found ! Insufficient permissions to join the domain realm: Couldn't join realm: Insufficient permissions to join the domain This happened after upgrade from from 2.5.2 to 2.6.1 (no problem with 2.5.2), the AD domain is Windows 2012r2 patched with november 2021 updates. -- System Information: Debian Release: bookworm/sid APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.15.0-2-amd64 (SMP w/4 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages sssd depends on: ii python3-sss 2.6.1-1 ii sssd-ad 2.6.1-1 ii sssd-common 2.6.1-1 ii sssd-ipa 2.6.1-1 ii sssd-krb5 2.6.1-1 ii sssd-ldap 2.6.1-1 ii sssd-proxy 2.6.1-1 sssd recommends no packages. sssd suggests no packages. -- no debconf information _______________________________________________ Pkg-sssd-devel mailing list pkg-sssd-de...@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-sssd-devel
this is caused by cyrus-sasl2, see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000152 -- t
