[Samba] Kerberos authentication issue after upgrading from 4-14-stable to 4-15-stable
Rowland Penny
rpenny at samba.org
Fri Jan 28 08:48:13 UTC 2022
On Fri, 2022-01-28 at 09:51 +0300, Alex wrote:
> > If it is of any help, I now have nslcd working on Debian 11 with
> > Samba
> > 4.15.4 , just have to wait until tomorrow to see if kstart renews
> > the
> > ticket.
>
> Thanks Rowland.
>
> My issue is that k5start isn't able to get even the 1st ticket. Do
> you use system's keytab or create a user keytab for this test case?
> Can you show what "net ads keytab list ..." outputs?
>
I didn't even try using k5start to get the initial ticket, but it is
working for myself on Debian 11 with Samba 4.15.4
adminuser at deb11:~$ sudo klist -c /tmp/nslcd.tkt
Ticket cache: FILE:/tmp/nslcd.tkt
Default principal: nslcd-ad at SAMDOM.EXAMPLE.COM
Valid starting Expires Service principal
28/01/22 00:19:54 28/01/22 10:19:54
krbtgt/SAMDOM.EXAMPLE.COM at SAMDOM.EXAMPLE.COM
28/01/22 01:17:01 28/01/22 10:19:54
ldap/rpidc1.samdom.example.com at SAMDOM.EXAMPLE.COM
As you can see the ticket was renewed at 00:19:54 this morning and if I
check, k5start is running.
adminuser at deb11:~$ ps ax | grep k5start
149296 ? Ss 0:00 /usr/bin/k5start -b -p
/var/run/nslcd/k5start_nslcd.pid -o nslcd -g nslcd -m 600 -f
/etc/krb5.nslcd.keytab -K 60 -u nslcd-ad -k /tmp/nslcd.tkt
754183 pts/1 S+ 0:00 grep k5start
Rowland
More information about the samba
mailing list