[Bug 1196224] New: User Kerberos Tickets are not refresh or get destroyed after Update to samba 4.15.4
http://bugzilla.opensuse.org/show_bug.cgi?id=1196224

            Bug ID: 1196224
           Summary: User Kerberos Tickets are not refresh or get destroyed
                    after Update to samba 4.15.4
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.3
          Hardware: x86-64
                OS: openSUSE Leap 15.3
            Status: NEW
          Severity: Critical
          Priority: P5 - None
         Component: Samba
          Assignee: samba-maintainers@SuSE.de
          Reporter: andreas.hauffe@tu-dresden.de
        QA Contact: samba-maintainers@SuSE.de
          Found By: ---
           Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Build Identifier:

At the end of January there was an update of Samba 4.13 to 4.15. Since this time all our clients, which are Windows-AD members, don't keep the user Kerberos tickets like before. Either the tickets are not refreshed or the tickets are destroyed. This results in a crashed KDE Plasma in the morning when the users try to log in again, since the clients/user accounts weren't able to write on the kerberized NFS-Home mounts after the tickets got lost.

Reproducible: Always

Steps to Reproduce:
1. Configure PAM-Winbind for User logins
2. Wait some hours and the user tickets are not in the ticket cache any more

Actual Results:
Crashed KDE Plasma due to unwritable home mounts

Expected Results:
refreshed user tickets in the ticket cache

smb.conf

    [global]
        netbios name = ilr114l
        security = ADS
        workgroup = ILRW
        realm = ILRW.ING.DOM.TU-DRESDEN.DE
        dedicated keytab file = /etc/krb5.keytab
        kerberos method = secrets and keytab
        template homedir = /home/home_ilrw/%U
        template shell = /bin/bash
        winbind refresh tickets = yes
        winbind separator = +
        idmap config * : backend = tdb
        idmap config * : range = 2000-2999
        idmap config ILRW : backend = rid
        idmap config ILRW : range = 3000-9999 # UID from RID for ILRW
        idmap config DOM : backend = rid
        idmap config DOM : range = 10000-9999999 # UID from RID for DOM

krb5.conf

    [libdefaults]
        default_realm = ILRW.ING.DOM.TU-DRESDEN.DE
        dns_lookup_realm = true
        dns_lookup_kdc = true
        ticket_lifetime = 24h
        renew_lifetime = 7d
        forwardable = true

    [realms]
        ILRW.ING.DOM.TU-DRESDEN.DE = {
            auth_to_local = RULE:[1:$0@$1](ILRW\.ING\.DOM\.TU-DRESDEN\.DE@.*)s/\.ING\.DOM\.TU-DRESDEN\.DE@/+/
            auth_to_local = RULE:[1:$0@$1](DOM\.TU-DRESDEN\.DE@.*)s/\.TU-DRESDEN\.DE@/+/
            auth_to_local = DEFAULT
        }

-- 
You are receiving this mail because:
You are on the CC list for the bug.
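One way to record when a client's ticket cache loses its TGT, as an added example that is not part of the bug report or of Samba: it classifies the TGT from MIT `klist` output so the result can be logged periodically. The sample output, the `MM/DD/YYYY` date format, and the names `parse_klist` and `tgt_state` are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of MIT `klist` output (not taken from the bug report).
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_3001_example
Default principal: alice@EXAMPLE.TEST

Valid starting       Expires              Service principal
02/21/2022 08:00:00  02/21/2022 18:00:00  krbtgt/EXAMPLE.TEST@EXAMPLE.TEST
\trenew until 02/28/2022 08:00:00
02/21/2022 08:05:00  02/21/2022 18:00:00  nfs/home.example.test@EXAMPLE.TEST
\trenew until 02/28/2022 08:00:00
"""

FMT = "%m/%d/%Y %H:%M:%S"  # assumption: klist date format in this locale
STAMP = r"\d\d/\d\d/\d{4} \d\d:\d\d:\d\d"
TICKET_RE = re.compile(rf"^({STAMP})\s+({STAMP})\s+(\S+)$")
RENEW_RE = re.compile(rf"^\s+renew until ({STAMP})")

def parse_klist(text):
    """Return a list of dicts: service, start, end, renew_until (or None)."""
    tickets = []
    for line in text.splitlines():
        m = TICKET_RE.match(line)
        if m:
            tickets.append({"service": m.group(3),
                            "start": datetime.strptime(m.group(1), FMT),
                            "end": datetime.strptime(m.group(2), FMT),
                            "renew_until": None})
            continue
        m = RENEW_RE.match(line)
        if m and tickets:
            tickets[-1]["renew_until"] = datetime.strptime(m.group(1), FMT)
    return tickets

def tgt_state(text, now, warn=timedelta(hours=1)):
    """Classify the TGT: missing, expired, expiring-*, or ok."""
    tgts = [t for t in parse_klist(text) if t["service"].startswith("krbtgt/")]
    if not tgts:
        return "missing"
    tgt = max(tgts, key=lambda t: t["end"])
    if now >= tgt["end"]:
        # An expired ticket can no longer be renewed, even inside renew_until.
        return "expired"
    if tgt["end"] - now <= warn:
        renewable = tgt["renew_until"] and tgt["renew_until"] > tgt["end"]
        return "expiring-renewable" if renewable else "expiring-final"
    return "ok"
```

Feeding it the output of `klist` for the affected user at intervals shows whether the TGT was left to expire or vanished from the cache before its expiry time.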