[Samba] samba ad-dc 4.13.13 PAC_TYPE_REQUESTER_SID missing
Kacper Wirski
kacper.wirski at gmail.com
Tue Aug 16 14:52:17 UTC 2022
Hello,
Recently we added a new DC to an existing Samba domain. It was supposed to be
the start of the process of migrating our CentOS 7 based AD DC to Debian.
Samba was installed from the default repo (samba-ad-dc); it's version
4.13.13, CentOS (previous) was on 4.11.4. So right now we have 2 x
4.11.4 and one new 4.13.13.
Everything seems to be working fine with the new DC except for this
error/warning that occasionally pops up:
samba[15490]: [2022/08/16 16:07:18.885749, 1]
../../source4/kdc/wdc-samba4.c:463(samba_wdc_reget_pac2)
samba[15490]: PAC_TYPE_REQUESTER_SID missing
It mostly corresponds to a Java 1.8 application that is using
Kerberos (keytab) to re-authenticate to a database. It's not that Java
is unable to authenticate, just every few or so minutes (let's say
20-ish) I see this error, but not every time. We've had the setup
running for the last 4 years and it's the first time I see this issue.
I would be glad for some pointers. I'm not sure what exactly this
error/warning means and what's causing it. Obviously it's related to
Kerberos. On my other 2 DCs I've never seen this and googling doesn't
help me much either.
I read that in 4.13.14 there was a security change that seems related,
but I don't "get" why it mostly works and only sometimes I see this
warning/error.
Regards,
Kacper Wirski