Andreas Hauffe changed bug 1196224
What Removed Added
Status RESOLVED REOPENED
Version Leap 15.3 Leap 15.4
Resolution FIXED ---
OS openSUSE Leap 15.3 openSUSE Leap 15.4

Comment # 13 on bug 1196224 from 
We still have the problem of winbind destroying the user ticket cache instead
of refreshing the tickets. So I reopen the bug report.

In our environment user accounts are in domain dom.tu-dresden.de. 
ing.dom.tu-dresden.de is a subdomain of this domain. 
Our domain ilrw.ing.dom.tu-dresden.de with all clients is again a subdomain of
ing.dom.tu-dresden.de.

When login with a user account with an account from dom.tu-dresden.de into a
client in ilrw.ing.dom.tu-dresden.de the user is getting a TGT as follows:

Ticketzwischenspeicher: FILE:/tmp/krb5cc_103321
Standard-Principal: account@DOM.TU-DRESDEN.DE

Valid starting       Expires              Service principal
23.06.2022 17:34:16  24.06.2022 03:34:16 
krbtgt/DOM.TU-DRESDEN.DE@DOM.TU-DRESDEN.DE
        erneuern bis 30.06.2022 17:34:16
23.06.2022 17:34:16  24.06.2022 03:34:16 
LFTWORKLI06$@ILRW.ING.DOM.TU-DRESDEN.DE
        erneuern bis 30.06.2022 17:34:16

Later winbind is trying to refresh the TGT but winbind is looking for a TGT
krbtgt/ILRW.ING.DOM.TU-DRESDEN.DE@DOM.TU-DRESDEN.DE and is not able to find it
since it is krbtgt/DOM.TU-DRESDEN.DE@DOM.TU-DRESDEN.DE and destroys the ticket
cache. 

[2022/06/23 16:24:06.069415, 10, pid=11448, effective(0, 0), real(0, 0),
class=winbind]
../../source3/winbindd/winbindd_cred_cache.c:123(krb5_ticket_refresh_handler)
  krb5_ticket_refresh_handler: event called for: FILE:/tmp/krb5cc_103321,
DOM+account
[2022/06/23 16:24:06.069772, 10, pid=11448, effective(103321, 0), real(103321,
0), class=kerberos] ../../lib/krb5_wrap/krb5_samba.c:3867(smb_krb5_trace_cb)
  smb_krb5_trace_cb: [11448] 1655994246.069600: Retrieving
account@DOM.TU-DRESDEN.DE ->
krbtgt/ILRW.ING.DOM.TU-DRESDEN.DE@DOM.TU-DRESDEN.DE from
FILE:/tmp/krb5cc_103321 with result: -1765328243/Matching credential not found
(filename: /tmp/krb5cc_103321)
[2022/06/23 16:24:06.069819,  3, pid=11448, effective(0, 0), real(0, 0),
class=winbind]
../../source3/winbindd/winbindd_cred_cache.c:227(krb5_ticket_refresh_handler)
  krb5_ticket_refresh_handler: could not renew tickets: Matching credential not
found
[2022/06/23 16:24:06.069908, 10, pid=11448, effective(0, 0), real(0, 0),
class=kerberos] ../../lib/krb5_wrap/krb5_samba.c:3867(smb_krb5_trace_cb)
  smb_krb5_trace_cb: [11448] 1655994246.069602: Destroying ccache
FILE:/tmp/krb5cc_103321

Is this a configuration error or a bug? It worked with samba 4.13.

You are receiving this mail because: