> > net ads keytab create -U username > > 8. Verify the contents of the Kerberos keytab file: > > klist -ke > > This is a step I was missing. What is the purpose of the keytab? Can it help > with the default ticket FILE:/tmp/krb5cc_0 expiration? A Kerberos keytab contains Kerberos principals and encrypted keys which can be used to authenticate without entering a password. That should address your ticket expiration issue. > I'm also facing this problem, although everything seems to work fine. I've > tested with smbclient and a Windows client. > > # net ads testjoin > gss_init_sec_context failed with [Unspecified GSS failure. Minor code may > provide more information: No credentials cache found] Join is OK # Not sure what would cause that error message, nor have I experienced it. Looks like other people have seen it: https://www.google.com/?gws_rd=ssl#q=gss_init_sec_context+failed+with+%5BUnspecified+GSS+failure.++Minor+code+may+provide+more+information:+No+credentials+cache+found