[Samba] potential samba bug with Kerberos -k => --use-kerberos

LORANG Geert geert.lorang at hexagon.com
Fri Apr 22 15:41:38 UTC 2022

We started seeing this as well on Ubuntu 22.04 and Fedora 35.

Looks like you can (unintentionally) use "--use-krb5-ccache=" as a 
workaround. E.g.

# net ads join --use-krb5-ccache=

I've logged this in https://bugzilla.samba.org/show_bug.cgi?id=15052 
we'll see what the Samba devs think


On 27/01/2022 17:00, Jason Keltz via samba wrote:
> This email is not from Hexagon’s Office 365 instance. Please be 
> careful while clicking links, opening attachments, or replying to this 
> email.
> Hi.
> With samba < 4.15 I used the -k (kerberos) option on some commands like
> "net ads leave -k".  It worked perfectly.
> On 4.15.4, if I still use -k I get the message: WARNING: The option
> -k|--kerberos is deprecated! .. but it still works.
> The deprecated warning is because 4.15 series replaced -k with
> --use-kerberos:
> Options renamed:
> --kerberos       ->    --use-kerberos=required|desired|off
> If I replace -k with what I assume to be the replacement
> --use-kerberos=required, then it doesn't seem to work.  I get prompted
> for the Kerberos password even though klist shows I am already
> authenticated with Kerberos.  I can swap between -k and seeing it work,
> and --use-kerberos=required where I get prompted for it.
> This seems like a potential bug.  Thoughts?
> Thanks,
> Jason.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions: 
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Foptions%2Fsamba&data=04%7C01%7C%7C49c4cf2a2df148d376ef08d9e1ae4f46%7C1b16ab3eb8f64fe39f3e2db7fe549f6a%7C0%7C0%7C637788961057010095%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=EiT%2FwPf00Jav%2BzMnyy7o4C2woJ2NNtskZGm2KJd44x0%3D&reserved=0

More information about the samba mailing list