If the Unix Authentication Broker (UNAB) is installed on a Systemd Linux variant like Red Hat Enterprise Linux 7 users might experience an issue upon system startup where the initial Ticket Granting Ticket (TGT) fails to be obtained a ticket for the client from a Windows Domain Controller, i.e. KDC (Key Distribution Center)
User login via UNAB is not possible until uxauthd is manually restarted or until internal timeouts cause the TGT to be obtained.
Error messages similar to those below may appear in the system log
uxauthd: Cannot resolve network address for KDC in realm "MYDOM.CA.COM" while getting initial credentials
uxauthd: Could not retrieve proxy ticket from KDC for domain 'mydom.ca.com', error = -1765328164.
uxauthd: No active DCs in domain 'mydom.ca.com'.
uxauthd: No connection to domain 'mydom.ca.com', watcher thread started.
This issue is caused by the provided legacy SysVinit scripts being executed before network initialization has been completed.
Introduce another Systemd service which is restarts UNAB after the network initialization has been completed so the TGT can be obtained accordingly.
# cat /etc/systemd/system/my-uxauthd.service
Description=my uxauthd init service to sync with network
After=network.service NetworkManager.service NetworkManager-wait-online.service
# chmod 664 /etc/systemd/system/my-uxauthd.service
# systemctl daemon-reload
# systemctl enable my-uxauthd.service
# systemctl start my-uxauthd.service
This issue has been verified in RH 7 with UNAB 12.8 SP1 but other versions of Linux and UNAB might also be affected.
Release: ACP1M005900-12.8-Privileged Identity Manager