Bug 7648 - krb5_ticket_gain_handler: could not kinit: Cannot contact any KDC for requested realm
Summary: krb5_ticket_gain_handler: could not kinit: Cannot contact any KDC for request...
Status: NEW
Alias: None
Product: Samba 3.5
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.5.4
Hardware: Other Linux
: P3 normal
Target Milestone: ---
Assignee: Michael Adam
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-08-25 11:20 UTC by David Woodhouse
Modified: 2010-08-25 11:30 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description David Woodhouse 2010-08-25 11:20:12 UTC
I boot while disconnected from the VPN, and "log in" (actually gdm has auto-login, and gnome-screensaver authenticates me using pam_winbind, but that seems to be sufficient).

I then connect to the VPN. After a delay, winbindd starts to re-establish its connection to the domain. And attempts to obtain a TGT for me, but fails:

6289:Running timed event "krb5_ticket_gain_handler" 0xb8e7e278
6290:krb5_ticket_gain_handler called
6291:event called for: FILE:/tmp/krb5cc_500, GER\dwoodhou
6292:kerberos_kinit_password: as dwoodhou@GER.CORP.INTEL.COM using [FILE:/tmp/krb5cc_500] as ccache and config [(null)]
Comment 1 David Woodhouse 2010-08-25 11:27:51 UTC
This is fun:

$ wbinfo --online-status
BUILTIN : online
DWOODHOU-MEEGO : online
GER :  online
$ su dwoodhou
Password:
Domain Controller unavailable, using cached credentials instead. Network resources may be unavailable.

Online, but not really online?
Comment 2 David Woodhouse 2010-08-25 11:30:31 UTC
http://david.woodhou.se/winbind-bug-7648.log.gz

(I assume everything in there is safe to post in public, assuming we're not stupidly paranoid about internal hostname and IP addresses. Please do let me know ASAP if not)