[Samba] kerberos tickets and AD integration
Carl Wilhelm Soderstrom
chrome at real-time.com
Wed Mar 12 15:54:34 MDT 2014
How important is the output of klist?
Should there *always* be a ticket listed, or is it ok for there to not be
one sometimes?
How long does Samba (Winbind?) cache logon information?
To explain:
I have a number of systems (on two completely separate networks, with
completely separate AD servers) which are occasionally refusing access to
some clients for short periods of time.
If I do a 'klist' on these servers, it shows that there are no kerberos
tickets, yet access generally works anyway.
# klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
Oddly, right now I'm even seeing a case where 'net ads info' seems to
indicate it can't connect to the AD server, yet logons are working anway!
# net ads info
ads_connect: No logon servers
ads_connect: No logon servers
Didn't find the ldap server!
--
Carl Soderstrom
Systems Administrator
Real-Time Enterprises
www.real-time.com
More information about the samba
mailing list