Failing To Authenticate User On Oracle Linux 7 Running UEK3 With AD Reporting Error 'Invalid UID in persistent keyring name'

(Doc ID 2397882.1)

Last updated on MAY 15, 2018

Applies to:

Linux OS - Version Oracle Linux 7.0 and later
Information in this document applies to any platform.

Symptoms

A new Oracle Linux 7 system using UEK3 has been configured to use AD authentication but when attempting to log in with a user it results in "Permission Denied" error.

The issue continues even after applying the solution posted in the document below:

Oracle OL: AD Authentication Failed With Error ' sssd: Invalid UID in persistent keyring name' (Doc ID 2058866.1)

Reviewing the OS logs show the following errors being displayed.

/var/log/secure log:
May 1 16:18:10 hostname sshd[23760]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=user@domain.com
May 1 16:18:10 hostname sshd[23760]: pam_sss(sshd:auth): received for user user@domain.com: 4 (System error)
May 1 16:18:10 hostname sshd[23760]: Failed password for user@domain.com from ::1 port 53435 ssh2

/var/log/sssd/sssd_domain.com.log:
(Tue May 1 16:18:10 2018) [sssd[be[uhcl.edu]]] [parse_krb5_child_response] (0x1000): child response [1432158209][6][8].
(Tue May 1 16:18:10 2018) [sssd[be[uhcl.edu]]] [krb5_auth_done] (0x0040): The krb5_child process returned an error. Please inspect the krb5_child.log file or the journal for more information

/var/log/sssd/krb5_child.log:
(Tue May 1 16:18:10 2018) [[sssd[krb5_child[23763]]]] [sss_child_krb5_trace_cb] (0x4000): [23763] 1525209490.999: Destroying ccache MEMORY:eTaYv2H
(Tue May 1 16:18:10 2018) [[sssd[krb5_child[23763]]]] [validate_tgt] (0x0400): TGT verified using key for [XXXX$@domain.com].
(Tue May 1 16:18:10 2018) [[sssd[krb5_child[23763]]]] [sss_child_krb5_trace_cb] (0x4000): [23763] 1525209490.1000: Retrieving user@domain.com -> XXXX$@domain.com from MEMORY:rd_req2 with result: 0/Success
(Tue May 1 16:18:10 2018) [[sssd[krb5_child[23763]]]] [sss_child_krb5_trace_cb] (0x4000): [23763] 1525209490.1001: Retrieving XXXX$@domain.com from MEMORY:/etc/krb5.keytab (vno 3, enctype aes256-cts) with result: 0/Success
(Tue May 1 16:18:10 2018) [[sssd[krb5_child[23763]]]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2].
(Tue May 1 16:18:10 2018) [[sssd[krb5_child[23763]]]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [user\@domain.com@domain.com] might not be correct.
(Tue May 1 16:18:10 2018) [[sssd[krb5_child[23763]]]] [sss_child_krb5_trace_cb] (0x4000): [23763] 1525209490.1002: Destroying ccache MEMORY:rd_req2
(Tue May 1 16:18:10 2018) [[sssd[krb5_child[23763]]]] [sss_get_ccache_name_for_principal] (0x4000): Location: [KEYRING:persistent:979004145]
(Tue May 1 16:18:10 2018) [[sssd[krb5_child[23763]]]] [sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1750600185][Invalid UID in persistent keyring name]
(Tue May 1 16:18:10 2018) [[sssd[krb5_child[23763]]]] [create_ccache] (0x0020): 973: [-1750600185][Invalid UID in persistent keyring name]
(Tue May 1 16:18:10 2018) [[sssd[krb5_child[23763]]]] [map_krb5_error] (0x0020): 1657: [-1750600185][Invalid UID in persistent keyring name]
(Tue May 1 16:18:10 2018) [[sssd[krb5_child[23763]]]] [k5c_send_data] (0x0200): Received error code 1432158209
(Tue May 1 16:18:10 2018) [[sssd[krb5_child[23763]]]] [pack_response_packet] (0x2000): response packet size: [20]
(Tue May 1 16:18:10 2018) [[sssd[krb5_child[23763]]]] [k5c_send_data] (0x4000): Response sent.

Changes

 N/A

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms