UNAB fails to retrieve proxy ticket from KDC upon system boot on a Systemd Linux

Document ID : KB000033252
Last Modified Date : 14/02/2018
Show Technical Document Details


If the Unix Authentication Broker (UNAB) is installed on a Systemd Linux variant like Red Hat Enterprise Linux 7 users might experience an issue upon system startup where the initial Ticket Granting Ticket (TGT) fails to be obtained a ticket for the client from a Windows Domain Controller, i.e. KDC (Key Distribution Center)
User login via UNAB is not possible until uxauthd is manually restarted or until internal timeouts cause the TGT to be obtained.

Error messages similar to those below may appear in the system log
uxauthd[1032]: Cannot resolve network address for KDC in realm "MYDOM.CA.COM" while getting initial credentials
uxauthd[1032]: Could not retrieve proxy ticket from KDC for domain 'mydom.ca.com', error = -1765328164.
uxauthd[1032]: No active DCs in domain 'mydom.ca.com'.
uxauthd[1032]: No connection to domain 'mydom.ca.com', watcher thread started.


This issue is caused by the provided legacy SysVinit scripts being executed before network initialization has been completed.



Introduce another Systemd service which is restarts UNAB after the network initialization has been completed so the TGT can be obtained accordingly.

  • Create this file accordingly as root:

    # cat /etc/systemd/system/my-uxauthd.service
    Description=my uxauthd init service to sync with network
    After=network.service NetworkManager.service NetworkManager-wait-online.service

    ExecStart=/opt/CA/uxauth/lbin/uxauthd.sh restart


  • In a root shell submit these commands:


    # chmod 664 /etc/systemd/system/my-uxauthd.service

    # systemctl daemon-reload

    # systemctl enable my-uxauthd.service

        # systemctl start my-uxauthd.service

     # reboot

Additional Information:  

This issue has been verified in RH 7 with UNAB 12.8 SP1 but other versions of Linux and UNAB might also be affected.