The AD server did ... something and winbind (4.0.9 as packaged by Fedora 19) failed: Nov 11 10:43:47 ajross-mobl2 winbindd[15677]: [2013/11/11 10:43:47.637385, 0, pid=15677, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4069(cache_traverse_validate_fn) Nov 11 10:43:47 ajross-mobl2 winbindd[15677]: cache_traverse_validate_fn: key length too large: (1174) > (1024) Nov 11 10:43:47 ajross-mobl2 winbindd[15677]: This would occur on every restart, and authentication would not complete. As far as I can tell, the kerberos environment was working correctly and klist showed active tickets; it was just a winbind failure. Since the message seemed to indicate it was just validating a cache, I found some "/var/lib/samba/winbind_cache.tdp*" files, deleted them, and restarted the service. Winbind came right up and operated fine after that. It seems to me like a cache validation glitch should be a recoverable situation and not a permanent failure.
Can you share that particular winbind_cache.tdb file - maybe offline ? So we can work on a fix.
Ok, got the cache file. Fix to follow.
Created attachment 9413 [details] patch for master
Comment on attachment 9413 [details] patch for master patch pushed to autobuild with review
Karolin, please cherrypick 944e9fbc20f125b52e047484dca1792d75561ed9 to 4-1
and 4-0 as well, please. Thanks!
Hm, why is Andy the only one of my users to see this? Under what circumstances would it trigger? Should I be building an updated Fedora package with this patch for our internal repo, before everyone else comes knocking at my door...?
Pushed to autobuild-v4-1-test and autobuild-v4-0-test.
David can you open a (very brief) bug about this in fedora land, so we can provide you a fix there too ?
https://bugzilla.redhat.com/show_bug.cgi?id=1030964
(In reply to comment #8) > Pushed to autobuild-v4-1-test and autobuild-v4-0-test. Pushed to v4-1-test and v4-0-test. Closing out bug report. Thanks!