Norbert Wegener
2006-Oct-02 18:03 UTC
[Samba] Kinit failed: Clients credentials have been revoked
I have joined an AD domain the usual way
kinit de7b07k0@ORG1.MYDOMAIN.NET
and
net ads join -U de7b07k0@ORG1.MYDOMAIN.NET
wbinfo -m lists the trusted domains. So far so good.
Unfortunately every few minutes I get error messages in the logfile:
Oct 2 19:52:53 (none) winbindd[31193]: Kinit failed: Clients
credentials have been revoked
Oct 2 19:56:34 (none) winbindd[31193]: [2006/10/02 19:56:34, 0]
libsmb/cliconnect.c:cli_session_setup_spnego(759)
Oct 2 19:56:34 (none) winbindd[31193]: Kinit failed: Clients
credentials have been revoked
Oct 2 19:56:34 (none) winbindd[31193]: [2006/10/02 19:56:34, 0]
libads/kerberos.c:ads_kinit_password(146)
Oct 2 19:56:34 (none) winbindd[31193]: kerberos_kinit_password
host/DE70176C@ORG1.MYDOMAIN.NET failed: Clients credentials have been
revoked
Oct 2 19:56:37 (none) winbindd[31193]: [2006/10/02 19:56:37, 0]
libsmb/cliconnect.c:cli_session_setup_spnego(759)
Oct 2 19:56:37 (none) winbindd[31193]: Kinit failed: Clients
credentials have been revoked
Oct 2 19:56:40 (none) winbindd[31193]: [2006/10/02 19:56:40, 0]
libsmb/cliconnect.c:cli_session_setup_spnego(759)
Oct 2 19:56:40 (none) winbindd[31193]: Kinit failed: Clients
credentials have been revoked
What causes this messages and is it to ignore or important?
I am using samba-3.0.12-5 on a Suse Linux 9.3 system.
This is my smb.conf:
[global]
security = ads
use kerberos keytab
realm = ORG1.MYDOMAIN.NET
netbios name = de70176c
workgroup = MYDOMAIN.NET
winbind separator = !
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
#winbind use default domain = yes
preferred master = no
restrict anonymous = 2
Thanks
Norbert Wegener
Maybe Matching Threads
- no ads join with samba3-3.0.23 whereas 3.0.12-5 works
- I get a kinit: Client credentials have been revoked while getting initial credentials
- unable to join AD domain: Failed to parse cldap reply
- authenticating to AD with winbind
- HABTM: xxx.objects.remove yyy return value question
Wisdom of the Ancients
