I'm having trouble completing a bind to our LDAP servers on Centos 7.1 servers. Manual bind works, but ldapsearch fails with an error:
sssd_be: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Message stream modified)
Kerberos is working fine, the tickets are valid. I can't find any documentation about this error. Any clues?
In this case it meant that the Kerberos key you obtained was rejected by the LDAP server because of an IP mismatch. Check your hosts file, your DNS and your conf files (sssd, samba, krb5, ldap etc.) to make sure your FQDN's are consistent.