Bug 7648 - krb5_ticket_gain_handler: could not kinit: Cannot contact any KDC for requested realm
Summary: krb5_ticket_gain_handler: could not kinit: Cannot contact any KDC for request...
Status: NEW
Alias: None
Product: Samba 3.5
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.5.4
Hardware: Other Linux
: P3 normal
Target Milestone: ---
Assignee: Michael Adam
QA Contact: Samba QA Contact
Depends on:
Reported: 2010-08-25 11:20 UTC by David Woodhouse
Modified: 2010-08-25 11:30 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description David Woodhouse 2010-08-25 11:20:12 UTC
I boot while disconnected from the VPN, and "log in" (actually gdm has auto-login, and gnome-screensaver authenticates me using pam_winbind, but that seems to be sufficient).

I then connect to the VPN. After a delay, winbindd starts to re-establish its connection to the domain. And attempts to obtain a TGT for me, but fails:

6289:Running timed event "krb5_ticket_gain_handler" 0xb8e7e278
6290:krb5_ticket_gain_handler called
6291:event called for: FILE:/tmp/krb5cc_500, GER\dwoodhou
6292:kerberos_kinit_password: as dwoodhou@GER.CORP.INTEL.COM using [FILE:/tmp/krb5cc_500] as ccache and config [(null)]
Comment 1 David Woodhouse 2010-08-25 11:27:51 UTC
This is fun:

$ wbinfo --online-status
BUILTIN : online
GER :  online
$ su dwoodhou
Domain Controller unavailable, using cached credentials instead. Network resources may be unavailable.

Online, but not really online?
Comment 2 David Woodhouse 2010-08-25 11:30:31 UTC

(I assume everything in there is safe to post in public, assuming we're not stupidly paranoid about internal hostname and IP addresses. Please do let me know ASAP if not)