I suspect I'm seeing the results of this on some 12.04 virtual servers. The strange thing is that I'm pretty sure we've had 12.04 servers work properly in the past. I've tried it with both 3.6.3-2ubuntu2.6 and 3.6.3-2ubuntu2.
We've been getting console errors about either uncontactable KDCs or clock skew being too great when logging in via SSH with GSSAPI, or when using sudo. The logins and sudo take a long time to happen - even local unix accounts are held up. After logging in there is no kerberos ticket cache. Manually using kinit authenticates successfully though and will create a ticket cache. So non-winbind vanilla kerberos stuff isn't affected. The clock skew errors will even happen straight after an ntpdate update from the AD domain controller. I suspect this is erroneous and just a symptom related to not finding our domain controller. The things that make me suspect it's related to this bug report are: 1) kerberos only fails to find the DC when being initiated via winbind, and 2) winbind seems to start behaving properly when we hard code our domain controller/KDC into /etc/krb5.conf -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1159715 Title: winbind_krb5_locator plugin is missing from winbind 3.6.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1159715/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs