All of my F35 hosts no longer have working active directory authentication via sssd... and I'm receiving the following segfault error every few seconds: sssd_be[pid]: segfault at 0 ip 00007f9cfecb00da sp 00007ffd389203e8 error 4 in libc.so.6 In the journal log entries for sssd I see: sssd_be[2341]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (KDC has no support for encryption type)
Please see recommendations at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/integrating_rhel_systems_directly_with_windows_active_directory/connecting-rhel-systems-directly-to-ad-using-sssd_integrating-rhel-systems-directly-with-active-directory#ensuring-support-for-common-encryption-types-in-ad-and-rhel_connecting-rhel-systems-directly-to-ad-using-sssd Fedora 35 does not enable RC4 cipher in Kerberos, this means SSSD would attempt to use AES ciphers by default. If your AD users do not have AES keys, then there would be no common encryption type. It would, however, be good to see the full crash dump and stack trace. May be there is something else at play too. Could you please enable 'debug_level=9' in the domain section?
I used the recommendation from the RHEL8 article that you pointed me to... and that works. I just didn't expect this behavior having run into the problem as a result of upgrading from F34 (where it was working) to F35. Sounds like something to have a wiki page about. Marking as closed.
Hi, Could you please still provide a coredump and, ideally, sssd_$domain.log with debug_level=9 that corresponds this crash? IIRC, sssd_be doesn't operate kerberos credentials so dump shouldn't have it either, but if this worries you please feel free to email me or sssd-maintainers.org directly.
Sorry, I don't have any more broken systems to do that stuff.
Please reopen in case new information available.
Same problem on Oracle Linux 9 & RedHat Enterprise Linux 9. Have coredump file & sssd_[DOMAIN].log Problem repeat each 4 hours (1440s).