[Samba] smbclient ignores configured kerberos ccache when using krb5-user on ubuntu/debian
Jonathan Davis
jdavis at leepfrog.com
Fri Sep 18 15:31:48 UTC 2020
On 09/17/2020 13:51, Rowland via samba wrote:
> Not sure that is the problem, winbind knows all about the different
> caches, so I wonder if things will work if you install winbind, don't run
> it, just install it.
>
> Rowland
>
> > On 09/17/2020 12:39, Jonathan Davis via samba wrote:
> > I ran the smbclient command and guess what happened?
> > Remember, the original error in the debug output with the valid
> > parameter name was this:
> > smb_gss_krb5_import_cred ccache[FILE:/tmp/krb5cc_1000] -the
> > caller may retry after a kinit
> >
> > After I made the parameter name change to the heimdal version, the
> > error turned into this:
> > Failed to resolve credential cache 'KEYRING:persistent:1000'!
> > (Unknown credential cache type)
> > free(): double free detected in tcache 2
> > Aborted (core dumped)
> >
> > Based off of this behavior change, to me it appears that the
> > "smb_gss_krb5_import_cred" step/function in smbclient (perhaps other
> > steps/functions too) is specifically looking for or expecting
> > "default_cc_name" and likely other properties or files or etc that
> > heimdal-clients does differently than krb5-user.
> >
> > Which lead me to this:
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963899
> >
> > So I guess I'm SOL unless Debian maintainers build smbclient against
> > krb5??
> > This is depressing.
> > --
> > Jonathan Davis
> >
I gave your suggestion to install winbind a shot but it was unsuccessful.
With the normal krb5 setup the same issue and behavior occurs - with and
without winbind running - post reboot, as well as from a clean install.
I appreciate the ideas and assistance with this Rowland.
I'm stumped.
--
Jonathan Davis
More information about the samba
mailing list