I have intermittent authentication issues on my ubuntu 15.04 servers. Periodically, authentication will just stop working. Eventually it will start working again on its own. Or, if I restart both smbd and sssd it will start working again right away.
Around the same times as the auth problems, I see this error in /var/log/syslog:
[sssd[ldap_child[4199]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: KDC has no support for encryption type. Unable to create GSSAPI-encrypted LDAP connection.
My googling has pointed me towards adding "allow_weak_crypto = true" to the libdefaults section of /etc/krb5.conf. I've tried that but to no avail.
I have a bunch of CentOS 6 servers configured for AD authentication the same way (same smb and sssd config, etc.) and they all work fine without any issues.
Anyone have any other ideas?