Environment
Novell Open Enterprise Server 11 SP2 (OES 11SP2)
Novell Open Enterprise Server 11 SP1 (OES 11SP1)
Domain Services for Windows
DSFW
Domain Services for Windows
DSFW
Situation
kinit failes "Client's entry in database has expired while getting initial credentials"
kdc.log reports - Aug 15 10:53:57 server1 krb5kdc[5865](info): AS_REQ (6 etypes {18 17 23 24 -135 3}) 10.10.0.5: CLIENT EXPIRED: user33\@novell.com@NOVELL.COM for krbtgt/NOVELL.COM@NOVELL.COM, Client's entry in database has expired
packet trace reports - "error_code: KRB5KDC_ERR_NAME_EXP (1)" " e-text: CLIENT EXPIRED"
LoginExpirationTime has a value of 21060207062814Z
Resolution
Either the LoginExpirationTime attribute has a time in the past (login time is expired) and their for valid or the value is set to 21060207062814Z.
If the time is set to 21060207062814Z the account will be treated as if the password is expired. Resetting the password will not remove this value. The value must be deleted.
Additional Information
A script to delete loginExpirationTime with values greater than current date can be found at DSfWDude.com