On 26/03/2018 16:18, Leon Fauster wrote: > Time synchronization for all nodes is crucial for kerberos ... In my case, somehow Bind lost the required kerberos tokens to be able to talk to the LDAP server on the same host, so DNS didn't work, so it couldn't attempt to refresh the token. Never worked out what the root cause was, but I do remember it being quite fun to get it working again...