How important is the output of klist? Should there *always* be a ticket listed, or is it ok for there to not be one sometimes? How long does Samba (Winbind?) cache logon information?

To explain: I have a number of systems (on two completely separate networks, with completely separate AD servers) which are occasionally refusing access to some clients for short periods of time. If I do a 'klist' on these servers, it shows that there are no Kerberos tickets, yet access generally works anyway.

# klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)

Oddly, right now I'm even seeing a case where 'net ads info' seems to indicate it can't connect to the AD server, yet logons are working anyway!

# net ads info
ads_connect: No logon servers
ads_connect: No logon servers
Didn't find the ldap server!

-- 
Carl Soderstrom
Systems Administrator
Real-Time Enterprises
www.real-time.com