LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 04-04-2012, 08:26 AM   #1
jeffrosquad
LQ Newbie
 
Registered: Jan 2012
Posts: 18

Rep: Reputation: Disabled
Winbind error in /var/log/messages


I am running OEL6.1 connecting to a Windows 2008 active directory domain. I am able to join the domain and all works well. However, my messages log is blowing up with the same error over and over.

winbindd[8167]: kinit succeeded but ads_sasl_spnego_krb5_bind failed: Cannot find KDC for requested realm

Not sure what is causing this since, like I said, I am able to authenticate just fine.
 
Old 04-06-2012, 08:00 AM   #2
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,003
Blog Entries: 5

Rep: Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782
Often when you have a nice error message like that you can get a lot of information by doing web search for the non-numeric (which is usually specific process or something) portions of the message:

http://www.google.com/search?q=kinit...np&safe=active
 
Old 04-06-2012, 10:37 PM   #3
jeffrosquad
LQ Newbie
 
Registered: Jan 2012
Posts: 18

Original Poster
Rep: Reputation: Disabled
lmgtfy

Could have done a lmgtfy...ha. I did google first and found nothing
 
Old 04-09-2012, 07:50 AM   #4
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,003
Blog Entries: 5

Rep: Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782
I was tempted to do the lmgtfy but thought perhaps you might have already searched and made it too specific by not stripping out the numeric portion. By doing the search I linked I did see many hits and that was just on one message. Usually it is best to look for the first message or something very close to it in web searches - the more messages in the error output the more likely later ones are simply symptoms of the earlier one. Once I and a co-worker got into a rather heated discussion because he couldn't understand why I was telling him troubleshooting message 99 instead of message 1 was pointless. The funny thing was when I saw message 1 it suggested an email issue to me and our mail administrator later confirmed that was indeed the problem. Some people who are rather smart sometimes go down blind alleys and you just have to shake your head.
 
Old 04-11-2012, 12:44 PM   #5
jeffrosquad
LQ Newbie
 
Registered: Jan 2012
Posts: 18

Original Poster
Rep: Reputation: Disabled
Thank you Mensa.......and I certainly can appreciate that you definitely have to attempt to search by various bits and pieces of your errors. This one, however, is not producing any useful results. All the posts I have found regarding this typically fall into one of two categories:

1. People getting this can't authenticate at all.
or
2. Their situation is completely different.

I am getting this error every five minutes all day every day and it is skewing the stats on my central logging server and rendering it nearly impossible to sift through for true errors or problems.
 
Old 04-11-2012, 01:10 PM   #6
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,003
Blog Entries: 5

Rep: Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782
When you say "every 5 minutes" do you mean that literally or are you just saying you're getting it very frequently? If the former then it suggests and automated process is running every 5 minutes which perhaps is not properly setup. Have you check cron on this server? Have you tried running tcpdump to analyze traffic to this server to see if perhaps something external is doing this so you can hunt down the owner of that system and *ahem* deal with them?
 
Old 04-11-2012, 03:24 PM   #7
jeffrosquad
LQ Newbie
 
Registered: Jan 2012
Posts: 18

Original Poster
Rep: Reputation: Disabled
It is literally every 5 minutes. Sometimes 10 but mostly every 5...bizarre. I have not run a tcpdump but will just to see if it sheds any light on the subject.
 
Old 04-12-2012, 08:00 AM   #8
jeffrosquad
LQ Newbie
 
Registered: Jan 2012
Posts: 18

Original Poster
Rep: Reputation: Disabled
Ok, after combing through all the conf files I could think of that may affect performance (krb5.conf,nsswitch,resolv.conf,smb.conf,system-auth) I have found one difference.

In the two machines I have that continuously throw this error, in the /etc/pam.d/system-auth file the line is:
session required pam_mkhomedir.so skel=/etc/skel umask=0022

In the machines that are not throwing the error the line is:
session optional pam_mkhomedir.so skel=/etc/skel umask=0022

Would this make a difference and if so why?
 
Old 04-12-2012, 08:27 AM   #9
jeffrosquad
LQ Newbie
 
Registered: Jan 2012
Posts: 18

Original Poster
Rep: Reputation: Disabled
tcpdump

Also, here is my tcpdump for the exact time the error occurs. Actual domain info changed of course.

08:20:01.786658 IP ricoradb1.our.domain.int.45176 > riciadcomm1.our.domain.int.microsoft-ds: P 2830:3060(230) ack 2717 win 65535
08:20:01.787063 IP riciadcomm1.our.domain.int.microsoft-ds > ricoradb1.our.domain.int.45176: P 2717:2953(236) ack 3060 win 64533
08:20:01.787074 IP ricoradb1.our.domain.int.45176 > riciadcomm1.our.domain.int.microsoft-ds: . ack 2953 win 65535
08:20:01.789026 IP ricoradb1.our.domain.int.dec-mbadmin > riciadcomm1.our.domain.int.domain: 47454+ AAAA? RICIADROOT1.domain.int. (41)
08:20:01.789771 IP riciadcomm1.our.domain.int.domain > ricoradb1.our.domain.int.dec-mbadmin: 47454* 0/1/0 (87)
08:20:01.789805 IP ricoradb1.our.domain.int.32984 > riciadcomm1.our.domain.int.domain: 37758+[|domain]
08:20:01.790532 IP riciadcomm1.our.domain.int.domain > ricoradb1.our.domain.int.32984: 37758 NXDomain*[|domain]
08:20:01.790565 IP ricoradb1.our.domain.int.53047 > riciadcomm1.our.domain.int.domain: 55726+ AAAA? RICIADROOT1.domain.int.domain.int. (53)
08:20:01.791286 IP riciadcomm1.our.domain.int.domain > ricoradb1.our.domain.int.53047: 55726 NXDomain* 0/1/0 (122)
08:20:01.791304 IP ricoradb1.our.domain.int.6499 > riciadcomm1.our.domain.int.domain: 31455+ AAAA? RICIADROOT1.domain.int.domain.com. (53)
08:20:01.792053 IP riciadcomm1.our.domain.int.domain > ricoradb1.our.domain.int.6499: 31455 NXDomain* 0/1/0 (134)
08:20:01.792078 IP ricoradb1.our.domain.int.22986 > riciadcomm1.our.domain.int.domain: 17337+ A? RICIADROOT1.domain.int. (41)
08:20:01.792968 IP riciadcomm1.our.domain.int.domain > ricoradb1.our.domain.int.22986: 17337* 1/0/0 A[|domain]
08:20:01.798760 IP ricoradb1.our.domain.int.24063 > riciadcomm1.our.domain.int.kerberos: v5
08:20:01.799591 IP riciadcomm1.our.domain.int.kerberos > ricoradb1.our.domain.int.24063:
08:20:01.806521 IP ricoradb1.our.domain.int.20208 > riciadcomm1.our.domain.int.kerberos: v5
08:20:01.807606 IP riciadcomm1.our.domain.int.kerberos > ricoradb1.our.domain.int.20208: v5
08:20:01.808280 IP ricoradb1.our.domain.int.48434 > riciadcomm1.our.domain.int.kerberos:
08:20:01.809272 IP riciadcomm1.our.domain.int.kerberos > ricoradb1.our.domain.int.48434:
08:20:01.809409 IP ricoradb1.our.domain.int.17323 > riciadcomm1.our.domain.int.kerberos:
08:20:01.810364 IP riciadcomm1.our.domain.int.kerberos > ricoradb1.our.domain.int.17323:



And the error in /var/log/messages
Apr 12 08:20:01 ricoradb1 winbindd[8167]: [2012/04/12 08:20:01, 0] libads/sasl.c:ads_sasl_spnego_bind(330)
Apr 12 08:20:01 ricoradb1 winbindd[8167]: kinit succeeded but ads_sasl_spnego_krb5_bind failed: Cannot find KDC for requested realm
 
  


Reply

Tags
active directory, winbind


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
From where am i getting error messages to /var/log/messages? prabhuacsp Programming 3 02-16-2005 08:59 AM
From where am i getting error messages to /var/log/messages? prabhuacsp Linux - Networking 1 02-16-2005 12:34 AM
Error log in /var/log/messages raymond117 Linux - Security 9 01-26-2005 07:17 AM
Error /var/log/messages arthur_NGIT Linux - Software 0 05-26-2004 04:15 PM
Error in /var/log/messages pk21 Linux - General 4 10-25-2002 07:34 AM


All times are GMT -5. The time now is 05:31 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration