[Samba] samba ad-dc 4.13.13 PAC_TYPE_REQUESTER_SID missing

Kacper Wirski kacper.wirski at gmail.com
Tue Aug 16 14:52:17 UTC 2022


Hello,

Recently we added new DC to existing samba domain. It was supposed to be 
start of the process of migrating our centos-7 based AD-DC to Debian.  
Samba was installed from default repo (samba-ad-dc), it's version 
4.13.13, centos (previous) was on 4.11.4. So right now we have 2 x 
4.11.4 and one new 4.13.13

Everything seems to working fine with the new DC except for this 
error/warning that occasionally pops up:

samba[15490]: [2022/08/16 16:07:18.885749,  1] 
../../source4/kdc/wdc-samba4.c:463(samba_wdc_reget_pac2)
samba[15490]:   PAC_TYPE_REQUESTER_SID missing

It's mostly corresponding to a java 1.8 application that is using 
kerberos (keytab) to re-authenticate to a database. It's not that java 
is unable to authenticate, just every few or so minutes (let's say 
20-ish) I see this error, but not every time. We've had the setup 
running for last 4 years and it's the first time I see issue.

I would be glad for some pointers, I'm not sure what exactly does this 
error/warning mean and what's causing it? Obviously it's related to 
kerberos. On my other 2 DC's I've never seen this and googling doesn't 
help me much either.

I read that in 4.13.14 there was a security change that seems related, 
but I don't "get" why it mostly works only sometimes I see this 
warning/error.

Regards,

Kacper Wirski


-- 
Ta wiadomość e-mail została sprawdzona pod kątem wirusów przez oprogramowanie antywirusowe Avast.
www.avast.com



More information about the samba mailing list