I boot while disconnected from the VPN, and "log in" (actually gdm has auto-login, and gnome-screensaver authenticates me using pam_winbind, but that seems to be sufficient).
I then connect to the VPN. After a delay, winbindd starts to re-establish its connection to the domain. And attempts to obtain a TGT for me, but fails:
6289:Running timed event "krb5_ticket_gain_handler" 0xb8e7e278
6291:event called for: FILE:/tmp/krb5cc_500, GER\dwoodhou
6292:kerberos_kinit_password: as dwoodhou@GER.CORP.INTEL.COM using [FILE:/tmp/krb5cc_500] as ccache and config [(null)]
This is fun:
$ wbinfo --online-status
BUILTIN : online
DWOODHOU-MEEGO : online
GER : online
$ su dwoodhou
Domain Controller unavailable, using cached credentials instead. Network resources may be unavailable.
Online, but not really online?
(I assume everything in there is safe to post in public, assuming we're not stupidly paranoid about internal hostname and IP addresses. Please do let me know ASAP if not)