[Samba] kerberos tickets and AD integration

Carl Wilhelm Soderstrom chrome at real-time.com
Wed Mar 12 15:54:34 MDT 2014

How important is the output of klist?
Should there *always* be a ticket listed, or is it ok for there to not be
one sometimes?

How long does Samba (Winbind?) cache logon information?

To explain:
I have a number of systems (on two completely separate networks, with
completely separate AD servers) which are occasionally refusing access to
some clients for short periods of time.

If I do a 'klist' on these servers, it shows that there are no kerberos
tickets, yet access generally works anyway.

# klist 
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)

Oddly, right now I'm even seeing a case where 'net ads info' seems to
indicate it can't connect to the AD server, yet logons are working anway!

# net ads info
ads_connect: No logon servers
ads_connect: No logon servers
Didn't find the ldap server!

Carl Soderstrom
Systems Administrator
Real-Time Enterprises

More information about the samba mailing list