Kinit failed: Clients credentials have been revoked

Norbert Wegener nw at sbs.de
Tue Oct 3 08:00:36 EDT 2006 

My question concerns as well samba as kerberos. Therefore I also ask it 
here:

With my linux server I have joined an AD domain the usual way
kinit de7b07k0 at ORG1.MYDOMAIN.NET

and
net ads join -U de7b07k0 at ORG1.MYDOMAIN.NET

wbinfo -m lists the trusted domains. So far so good.
Unfortunately every few minutes I get error messages in the logfile:

Oct  2 19:52:53 (none) winbindd[31193]:   Kinit failed: Clients 
credentials have been revoked
Oct  2 19:56:34 (none) winbindd[31193]: [2006/10/02 19:56:34, 0] 
libsmb/cliconnect.c:cli_session_setup_spnego(759)
Oct  2 19:56:34 (none) winbindd[31193]:   Kinit failed: Clients 
credentials have been revoked
Oct  2 19:56:34 (none) winbindd[31193]: [2006/10/02 19:56:34, 0] 
libads/kerberos.c:ads_kinit_password(146)
Oct  2 19:56:34 (none) winbindd[31193]:   kerberos_kinit_password 
host/DE70176C at ORG1.MYDOMAIN.NET failed: Clients credentials have been 
revoked
Oct  2 19:56:37 (none) winbindd[31193]: [2006/10/02 19:56:37, 0] 
libsmb/cliconnect.c:cli_session_setup_spnego(759)
Oct  2 19:56:37 (none) winbindd[31193]:   Kinit failed: Clients 
credentials have been revoked
Oct  2 19:56:40 (none) winbindd[31193]: [2006/10/02 19:56:40, 0] 
libsmb/cliconnect.c:cli_session_setup_spnego(759)
Oct  2 19:56:40 (none) winbindd[31193]:   Kinit failed: Clients 
credentials have been revoked

What causes this messages and is it to ignore or important?
I am using samba-3.0.12-5 on a Suse Linux 9.3 system.
The kerberos version is krb5-client-1.4-16


This is my smb.conf:

[global]
        security = ads
        use kerberos keytab = yes
        realm = ORG1.MYDOMAIN.NET
        netbios name = de70176c
        workgroup = MYDOMAIN.NET
        winbind separator = !
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
        client use spnego = yes
        client ntlmv2 auth = yes
        encrypt passwords = yes
        #winbind use default domain = yes
        preferred master = no
        restrict anonymous = 2


Thanks
Norbert Wegener

More information about the Kerberos mailing list