Help

Unable to obtain Kerberos tickets automatically

ianmb
Contributor

Posted on ‎10-05-2014 04:04 AM

Our clients have binded to AD as expected and network logins seem to be working, however a Kerberos ticket doesn't seem to be issued automatically. If I do a:

kinit username@fqdn

....in a Terminal window, a ticket is issued and I can see it in the Ticket Viewer.

Can anybody offer some suggestions as to why this might not be happening automatically? I've confirmed that the date and time settings match what is on the server, and we are only connecting 10.9 clients to Windows-based AD servers.

0 Kudos
Reply
3 REPLIES 3

bgreeno
New Contributor III

Posted on ‎10-06-2014 09:55 AM

I recommend using Centrify Express for binding. It does a good job taking care of Kerberos tickets. Let me know if you have more questions about this.

0 Kudos
Reply

maxbehr
Contributor II

Posted on ‎10-07-2014 02:15 PM

Did you check the system log for any hints of an error. One thing I like to do to troubleshoot login issues is to ssh into the box and then run tail -f /var/logs/system.log and then have a user login and see what happens. I do have to second bgreeno, we use the full version of Centrify (for smart card logins) and have had great sucess.

0 Kudos
Reply

ianmb
Contributor

Posted on ‎10-13-2014 08:26 AM

Funnily enough, this just started working, but I am not sure why!

Now each time a network user logs in, I can see a TGT in the Ticket Viewer.

0 Kudos
Reply