[Samba] winbind & kerberos question

Rowland Penny rpenny at samba.org
Mon Jun 27 12:08:03 UTC 2022

On Mon, 2022-06-27 at 12:45 +0200, Andreas Hauffe via samba wrote:
> 	Error verifying signature: parse error
> Dear list,
> I'm having trouble with refreshing kerberos tickets with winbind.
> Our 
> clients are openSUSE Leap 15.4 clients with a separately build samba 
> 4.16.2 and they are domain members of an AD domain named 
> ilrw.ing.dom.tu-dresden.de. This domain is a subdomain (two-way, 
> transitive trusts) of ing.dom.tu-dresden.de, which again is a
> subdomain 
> of dom.tu-dresden.de. User accounts are administered centrally in
> the 
> root domain dom.tu-dresden.de. If I logon to a client with a
> useraccount 
> I'm getting a tgt and service tickets and everything works fine, as
> seen 
> in the klist output:

I wonder if this is a 'trusts' problem ?
Stefan Kania probably knows more about them than anyone else, he gave a
talk about them at SambaXP, see here for the pdf:


Reading that may give you help.


More information about the samba mailing list