-   Linux - Networking (
-   -   Winbind error in /var/log/messages (

jeffrosquad 04-04-2012 08:26 AM

Winbind error in /var/log/messages
I am running OEL6.1 connecting to a Windows 2008 active directory domain. I am able to join the domain and all works well. However, my messages log is blowing up with the same error over and over.

winbindd[8167]: kinit succeeded but ads_sasl_spnego_krb5_bind failed: Cannot find KDC for requested realm

Not sure what is causing this since, like I said, I am able to authenticate just fine.

MensaWater 04-06-2012 08:00 AM

Often when you have a nice error message like that you can get a lot of information by doing web search for the non-numeric (which is usually specific process or something) portions of the message:

jeffrosquad 04-06-2012 10:37 PM

Could have done a lmgtfy...ha. I did google first and found nothing

MensaWater 04-09-2012 07:50 AM

I was tempted to do the lmgtfy but thought perhaps you might have already searched and made it too specific by not stripping out the numeric portion. By doing the search I linked I did see many hits and that was just on one message. Usually it is best to look for the first message or something very close to it in web searches - the more messages in the error output the more likely later ones are simply symptoms of the earlier one. Once I and a co-worker got into a rather heated discussion because he couldn't understand why I was telling him troubleshooting message 99 instead of message 1 was pointless. The funny thing was when I saw message 1 it suggested an email issue to me and our mail administrator later confirmed that was indeed the problem. Some people who are rather smart sometimes go down blind alleys and you just have to shake your head.

jeffrosquad 04-11-2012 12:44 PM

Thank you Mensa.......and I certainly can appreciate that you definitely have to attempt to search by various bits and pieces of your errors. This one, however, is not producing any useful results. All the posts I have found regarding this typically fall into one of two categories:

1. People getting this can't authenticate at all.
2. Their situation is completely different.

I am getting this error every five minutes all day every day and it is skewing the stats on my central logging server and rendering it nearly impossible to sift through for true errors or problems.

MensaWater 04-11-2012 01:10 PM

When you say "every 5 minutes" do you mean that literally or are you just saying you're getting it very frequently? If the former then it suggests and automated process is running every 5 minutes which perhaps is not properly setup. Have you check cron on this server? Have you tried running tcpdump to analyze traffic to this server to see if perhaps something external is doing this so you can hunt down the owner of that system and *ahem* deal with them?

jeffrosquad 04-11-2012 03:24 PM

It is literally every 5 minutes. Sometimes 10 but mostly every 5...bizarre. I have not run a tcpdump but will just to see if it sheds any light on the subject.

jeffrosquad 04-12-2012 08:00 AM

Ok, after combing through all the conf files I could think of that may affect performance (krb5.conf,nsswitch,resolv.conf,smb.conf,system-auth) I have found one difference.

In the two machines I have that continuously throw this error, in the /etc/pam.d/system-auth file the line is:
session required skel=/etc/skel umask=0022

In the machines that are not throwing the error the line is:
session optional skel=/etc/skel umask=0022

Would this make a difference and if so why?

jeffrosquad 04-12-2012 08:27 AM

Also, here is my tcpdump for the exact time the error occurs. Actual domain info changed of course.

08:20:01.786658 IP > P 2830:3060(230) ack 2717 win 65535
08:20:01.787063 IP > P 2717:2953(236) ack 3060 win 64533
08:20:01.787074 IP > . ack 2953 win 65535
08:20:01.789026 IP > 47454+ AAAA? (41)
08:20:01.789771 IP > 47454* 0/1/0 (87)
08:20:01.789805 IP > 37758+[|domain]
08:20:01.790532 IP > 37758 NXDomain*[|domain]
08:20:01.790565 IP > 55726+ AAAA? (53)
08:20:01.791286 IP > 55726 NXDomain* 0/1/0 (122)
08:20:01.791304 IP > 31455+ AAAA? (53)
08:20:01.792053 IP > 31455 NXDomain* 0/1/0 (134)
08:20:01.792078 IP > 17337+ A? (41)
08:20:01.792968 IP > 17337* 1/0/0 A[|domain]
08:20:01.798760 IP > v5
08:20:01.799591 IP >
08:20:01.806521 IP > v5
08:20:01.807606 IP > v5
08:20:01.808280 IP >
08:20:01.809272 IP >
08:20:01.809409 IP >
08:20:01.810364 IP >

And the error in /var/log/messages
Apr 12 08:20:01 ricoradb1 winbindd[8167]: [2012/04/12 08:20:01, 0] libads/sasl.c:ads_sasl_spnego_bind(330)
Apr 12 08:20:01 ricoradb1 winbindd[8167]: kinit succeeded but ads_sasl_spnego_krb5_bind failed: Cannot find KDC for requested realm

All times are GMT -5. The time now is 10:33 AM.