LW_ERROR_KRB5_CC_NOMEM
Error
The following error is returned during a login attempt. The user cannot authenticate.
LW_ERROR_KRB5_CC_NOMEM
Cause
This issue typically occurs because there is an issue with the user's Kerberos cache file. There will be events like the following in the lsass debug log file.
6.1/src/linux/lsass/server/api/auth.c:174] Failed to authenticate user (name = 'username') -> error = 41931, symbol = LW_ERROR_KRB5_CC_NOMEM, client pid = -1 6.1/src/linux/lwadvapi/threaded/lwkrb5.c:613] KRB5 Error code: -1765328186 (Message: No more memory to allocate (in credentials cache code))
In this particular case, there was an old /tmp/krb5cc_<uid> Kerberos cache file for the user. Once the file was deleted, the user could authenticate and a new Kerberos cache file was created with the new UID.
Resolution
Delete the /tmp/krb5cc_<uid> file. Attempt to authenticate and the user should be allowed in.