Linux winbind troubleshooting
Kerberos
Active Directory uses Kerberos to verify user or host identity.
The kinit command can be used to test the Kerberos authentication mechanism.
It obtains and caches Kerberos ticket-granting tickets.
Use the kinit command as follows:
kinit active-directory-user
Replace active-directory-user with any Active Directory user account.
If the user exists, you should get a password prompt similar to the following:
Password for active-directory-user@DOMAIN.LOCAL:
Type in the password and you should get the following response:
Authenticated to Kerberos v5
klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: active-directory-user@DOMAIN.LOCAL

Valid starting     Expires            Service principal
06/01/11 14:49:30  06/02/11 00:49:35  krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
        renew until 06/02/11 14:49:30

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
wbinfo -p
Ping to winbindd succeeded on fd 4
wbinfo --all-domains
DOMAIN
wbinfo -u
Error looking up domain users
wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
Could not check secret
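
The outputs above show Kerberos working (klist lists a krbtgt ticket) while winbindd answers its ping but cannot find a domain controller. As an added example, not part of the original page, these helpers classify captured output of those commands to name the first failing layer. The function names tgt_realm and winbind_stage and the stage labels are assumptions, and the sample text is constructed from the outputs shown on this page.

```shell
#!/bin/sh
# Added example: classify captured klist / wbinfo output (helper names are hypothetical).

# Print the realm if the klist text holds a krbtgt ticket for the default
# principal's realm; return 1 if no such ticket is cached.
tgt_realm() {
    realm=$(printf '%s\n' "$1" | sed -n 's/^Default principal: .*@\(.*\)$/\1/p' | head -n 1)
    [ -n "$realm" ] || return 1
    printf '%s\n' "$1" | grep -qF "krbtgt/$realm@$realm" || return 1
    printf '%s\n' "$realm"
}

# Name the first failing layer given the output of wbinfo -p, -t and -u.
winbind_stage() {
    case "$1" in
        *"Ping to winbindd succeeded"*) ;;
        *) echo "winbindd-not-responding"; return 0 ;;
    esac
    case "$2" in
        *NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND*) echo "no-domain-controller"; return 0 ;;
        *failed*) echo "trust-secret-check-failed"; return 0 ;;
    esac
    case "$3" in
        *"Error looking up domain users"*) echo "user-lookup-failed"; return 0 ;;
    esac
    echo "ok"
}

# Constructed samples, copied from the outputs shown on this page.
KLIST_SAMPLE='Ticket cache: FILE:/tmp/krb5cc_0
Default principal: active-directory-user@DOMAIN.LOCAL

Valid starting     Expires            Service principal
06/01/11 14:49:30  06/02/11 00:49:35  krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
        renew until 06/02/11 14:49:30'
PING_SAMPLE='Ping to winbindd succeeded on fd 4'
TRUST_SAMPLE='checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
Could not check secret'
USERS_SAMPLE='Error looking up domain users'

echo "TGT realm: $(tgt_realm "$KLIST_SAMPLE" || echo none)"
echo "winbind:   $(winbind_stage "$PING_SAMPLE" "$TRUST_SAMPLE" "$USERS_SAMPLE")"
```

On a live host, pass the real output instead of the samples, for example winbind_stage "$(wbinfo -p 2>&1)" "$(wbinfo -t 2>&1)" "$(wbinfo -u 2>&1)".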