• [validate_tgt] (0x0020): [RID#988] TGT failed verification using key for

    From Marco Moock@mm@dorfdsl.de to comp.protocols.kerberos on Wed Jun 18 09:32:05 2025
    From Newsgroup: comp.protocols.kerberos

    Hello!

    I want to attach a Fedora 42 system to MS AD. sssd seems to work as I
    can retrieve user info from AD. However, login on my system fails and
    I get the following message in /var/log/sssd/krb5_child.log:

    * (2025-06-18 8:02:33): [krb5_child[137885]] [validate_tgt] (0x0020): [RID#988] TGT failed verification using key for [redacted HOSTNAME].
    ********************** BACKTRACE DUMP ENDS HERE *********************************

    (2025-06-18 8:02:33): [krb5_child[137885]] [get_and_save_tgt] (0x0020): [RID#988] 2359: [-1765328339][Service key not available]
    (2025-06-18 8:02:33): [krb5_child[137885]] [map_krb5_error] (0x0040): [RID#988] 2443: [-1765328339][Service key not available]
    ********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
    * (2025-06-18 8:02:33): [krb5_child[137885]] [get_and_save_tgt] (0x0020): [RID#988] 2359: [-1765328339][Service key not available]
    * (2025-06-18 8:02:33): [krb5_child[137885]] [map_krb5_error] (0x0040): [RID#988] 2443: [-1765328339][Service key not available]
    ********************** BACKTRACE DUMP ENDS HERE *********************************

    Can someone give a hint where to look for the problem?
    --
    kind regards
    Marco

    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Marco Moock@mm@dorfdsl.de to comp.protocols.kerberos on Mon Jun 23 08:04:45 2025
    From Newsgroup: comp.protocols.kerberos

    On 18.06.2025 09:32 Marco Moock wrote:

    I want to attach a Fedora 42 system to MS AD. sssd seems to work as I
    can retrieve user info from AD. However, login on my system fails and
    I get the following message in /var/log/sssd/krb5_child.log:

    * (2025-06-18 8:02:33): [krb5_child[137885]] [validate_tgt] (0x0020): [RID#988] TGT failed verification using key for [redacted HOSTNAME].
    ********************** BACKTRACE DUMP ENDS HERE *********************************

    (2025-06-18 8:02:33): [krb5_child[137885]] [get_and_save_tgt] (0x0020): [RID#988] 2359: [-1765328339][Service key not available]
    (2025-06-18 8:02:33): [krb5_child[137885]] [map_krb5_error] (0x0040): [RID#988] 2443: [-1765328339][Service key not available]
    ********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
    * (2025-06-18 8:02:33): [krb5_child[137885]] [get_and_save_tgt] (0x0020): [RID#988] 2359: [-1765328339][Service key not available]
    * (2025-06-18 8:02:33): [krb5_child[137885]] [map_krb5_error] (0x0040): [RID#988] 2443: [-1765328339][Service key not available]
    ********************** BACKTRACE DUMP ENDS HERE *********************************

    Can someone give a hint where to look for the problem?

    I found a workaround, although not recommended due to security reasons:

    [domain/example.org]
    krb5_validate = False

    https://access.redhat.com/solutions/7113737

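
An added example, not part of the thread or of SSSD: a Python audit that reports which `[domain/...]` sections of an sssd.conf leave TGT validation off, either through an explicit `krb5_validate = False` like the workaround above or through the provider default. The default rule (true for the AD and IPA providers, false otherwise) follows sssd-krb5(5); the function name and the sample domains other than example.org are constructed.

```python
import configparser

# Per sssd-krb5(5): krb5_validate defaults to false, except for the
# IPA and AD providers, where it defaults to true.
VALIDATING_PROVIDERS = {"ad", "ipa"}

# Constructed sample; only example.org appears in the thread.
SAMPLE_CONF = """\
[sssd]
domains = example.org, lab.example, legacy.example

[domain/example.org]
id_provider = ad
krb5_validate = False

[domain/lab.example]
id_provider = ad

[domain/legacy.example]
id_provider = ldap
auth_provider = krb5
"""

def audit_krb5_validate(conf_text):
    """Map each SSSD domain to (tgt_validated, reason)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        domain = section.split("/", 1)[1]
        explicit = cp.get(section, "krb5_validate", fallback=None)
        if explicit is not None:
            validated = explicit.strip().lower() == "true"
            reason = f"explicit krb5_validate = {explicit.strip()}"
        else:
            # auth_provider falls back to id_provider when it is unset.
            provider = cp.get(section, "auth_provider",
                              fallback=cp.get(section, "id_provider", fallback=""))
            provider = provider.strip().lower()
            validated = provider in VALIDATING_PROVIDERS
            reason = f"default for auth provider '{provider}'"
        findings[domain] = (validated, reason)
    return findings

if __name__ == "__main__":
    for domain, (validated, reason) in audit_krb5_validate(SAMPLE_CONF).items():
        status = "ok" if validated else "TGT NOT VALIDATED"
        print(f"{domain}: {status} ({reason})")
```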