What | Removed | Added |
---|---|---|
Status | RESOLVED | REOPENED |
Version | Leap 15.3 | Leap 15.4 |
Resolution | FIXED | --- |
OS | openSUSE Leap 15.3 | openSUSE Leap 15.4 |
We still have the problem of winbind destroying the user ticket cache instead of refreshing the tickets. So I reopen the bug report. In our environment user accounts are in domain dom.tu-dresden.de. ing.dom.tu-dresden.de is a subdomain of this domain. Our domain ilrw.ing.dom.tu-dresden.de with all clients is again a subdomain of ing.dom.tu-dresden.de. When login with a user account with an account from dom.tu-dresden.de into a client in ilrw.ing.dom.tu-dresden.de the user is getting a TGT as follows: Ticketzwischenspeicher: FILE:/tmp/krb5cc_103321 Standard-Principal: account@DOM.TU-DRESDEN.DE Valid starting Expires Service principal 23.06.2022 17:34:16 24.06.2022 03:34:16 krbtgt/DOM.TU-DRESDEN.DE@DOM.TU-DRESDEN.DE erneuern bis 30.06.2022 17:34:16 23.06.2022 17:34:16 24.06.2022 03:34:16 LFTWORKLI06$@ILRW.ING.DOM.TU-DRESDEN.DE erneuern bis 30.06.2022 17:34:16 Later winbind is trying to refresh the TGT but winbind is looking for a TGT krbtgt/ILRW.ING.DOM.TU-DRESDEN.DE@DOM.TU-DRESDEN.DE and is not able to find it since it is krbtgt/DOM.TU-DRESDEN.DE@DOM.TU-DRESDEN.DE and destroys the ticket cache. [2022/06/23 16:24:06.069415, 10, pid=11448, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_cred_cache.c:123(krb5_ticket_refresh_handler) krb5_ticket_refresh_handler: event called for: FILE:/tmp/krb5cc_103321, DOM+account [2022/06/23 16:24:06.069772, 10, pid=11448, effective(103321, 0), real(103321, 0), class=kerberos] ../../lib/krb5_wrap/krb5_samba.c:3867(smb_krb5_trace_cb) smb_krb5_trace_cb: [11448] 1655994246.069600: Retrieving account@DOM.TU-DRESDEN.DE -> krbtgt/ILRW.ING.DOM.TU-DRESDEN.DE@DOM.TU-DRESDEN.DE from FILE:/tmp/krb5cc_103321 with result: -1765328243/Matching credential not found (filename: /tmp/krb5cc_103321) [2022/06/23 16:24:06.069819, 3, pid=11448, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_cred_cache.c:227(krb5_ticket_refresh_handler) krb5_ticket_refresh_handler: could not renew tickets: Matching credential not found [2022/06/23 16:24:06.069908, 10, pid=11448, effective(0, 0), real(0, 0), class=kerberos] ../../lib/krb5_wrap/krb5_samba.c:3867(smb_krb5_trace_cb) smb_krb5_trace_cb: [11448] 1655994246.069602: Destroying ccache FILE:/tmp/krb5cc_103321 Is this a configuration error or a bug? It worked with samba 4.13.