Forum: Too Lazy BBS

[validate_tgt] (0x0020): [RID#988] TGT failed verification using key for

From Marco Moock@mm@dorfdsl.de to comp.protocols.kerberos on Wed Jun 18 09:32:05 2025

From Newsgroup: comp.protocols.kerberos

Hello!

I want to attach a Fedora 42 system to MS AD. sssd seems to work as I
can retrieve user info from AD. Although, login on my system fails and
I get the following message in /var/log/sssd/krb5_child.log:

* (2025-06-18 8:02:33): [krb5_child[137885]] [validate_tgt]
(0x0020): [RID#988] TGT failed verification using key for
[redacted HOSTNAME]. ********************** BACKTRACE DUMP ENDS
HERE *********************************

(2025-06-18 8:02:33): [krb5_child[137885]] [get_and_save_tgt]
(0x0020): [RID#988] 2359: [-1765328339][Service key not available]
(2025-06-18 8:02:33): [krb5_child[137885]] [map_krb5_error] (0x0040): [RID#988] 2443: [-1765328339][Service key not available]
********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
* (2025-06-18 8:02:33): [krb5_child[137885]] [get_and_save_tgt]
(0x0020): [RID#988] 2359: [-1765328339][Service key not available]
* (2025-06-18 8:02:33): [krb5_child[137885]] [map_krb5_error]
(0x0040): [RID#988] 2443: [-1765328339][Service key not available] ********************** BACKTRACE DUMP ENDS HERE *********************************

Can someone give a hint were to look for the problem?
--
kind regards
Marco

--- Synchronet 3.21d-Linux NewsLink 1.2

From Marco Moock@mm@dorfdsl.de to comp.protocols.kerberos on Mon Jun 23 08:04:45 2025

From Newsgroup: comp.protocols.kerberos

On 18.06.2025 09:32 Marco Moock wrote:

I want to attach a Fedora 42 system to MS AD. sssd seems to work as I
can retrieve user info from AD. Although, login on my system fails and
I get the following message in /var/log/sssd/krb5_child.log:

* (2025-06-18 8:02:33): [krb5_child[137885]] [validate_tgt]
(0x0020): [RID#988] TGT failed verification using key for
[redacted HOSTNAME]. ********************** BACKTRACE DUMP ENDS
HERE *********************************

(2025-06-18 8:02:33): [krb5_child[137885]] [get_and_save_tgt]
(0x0020): [RID#988] 2359: [-1765328339][Service key not available] (2025-06-18 8:02:33): [krb5_child[137885]] [map_krb5_error] (0x0040): [RID#988] 2443: [-1765328339][Service key not available] ********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
* (2025-06-18 8:02:33): [krb5_child[137885]] [get_and_save_tgt] (0x0020): [RID#988] 2359: [-1765328339][Service key not available]
* (2025-06-18 8:02:33): [krb5_child[137885]] [map_krb5_error]
(0x0040): [RID#988] 2443: [-1765328339][Service key not available] ********************** BACKTRACE DUMP ENDS HERE *********************************

Can someone give a hint were to look for the problem?

I found a workaround, although not recommended due to security reasons:

[domain/example.org]
krb5_validate = False

https://access.redhat.com/solutions/7113737

--- Synchronet 3.21d-Linux NewsLink 1.2

Who's Online
Recent Visitors
- Hannibal
  Sat Jun 27 11:02:21 2026
  from Des Moines via Telnet
- Sauron
  Sat Jun 27 03:51:20 2026
  from Purgatory via Telnet
- Geek2
  Fri Jun 26 08:43:26 2026
  from Euclid, Oh via Telnet
- Hannibal
  Fri Jun 26 04:46:03 2026
  from Des Moines via Telnet

System Info

Sysop:	Amessyroom
Location:	Fayetteville, NC
Users:	70
Nodes:	6 (0 / 6)
Uptime:	14:38:07
Calls:	936
Calls today:	2
Files:	1,324
D/L today:	30 files (8,331K bytes)
Messages:	285,561

[validate_tgt] (0x0020): [RID#988] TGT failed verification using key for

Who's Online

Recent Visitors

System Info