[Samba] winbind & kerberos question

Andreas Hauffe andreas.hauffe at tu-dresden.de
Mon Jun 27 12:41:33 UTC 2022


Hi Rowland,

thanks for the document. I'll study this and will see if there is any 
help written down.

A point, I forgot to mention, is that ticket refreshing with winbind 
worked well with the given configuration until the update of samba 4.13 
to 4.15 by the SUSE team in case of openSUSE Leap 15.3. And it is still 
present with samba 4.16.2 and openSUSE Leap 15.4.

Regards,

-- 
Andreas Hauffe**


Am 27.06.22 um 14:08 schrieb Rowland Penny via samba:
> On Mon, 2022-06-27 at 12:45 +0200, Andreas Hauffe via samba wrote:
>> 	Error verifying signature: parse error
>> Dear list,
>>
>> I'm having trouble with refreshing kerberos tickets with winbind.
>> Our
>> clients are openSUSE Leap 15.4 clients with a separately build samba
>> 4.16.2 and they are domain members of an AD domain named
>> ilrw.ing.dom.tu-dresden.de. This domain is a subdomain (two-way,
>> transitive trusts) of ing.dom.tu-dresden.de, which again is a
>> subdomain
>> of dom.tu-dresden.de. User accounts are administered centrally in
>> the
>> root domain dom.tu-dresden.de. If I logon to a client with a
>> useraccount
>> I'm getting a tgt and service tickets and everything works fine, as
>> seen
>> in the klist output:
> I wonder if this is a 'trusts' problem ?
> Stefan Kania probably knows more about them than anyone else, he gave a
> talk about them at SambaXP, see here for the pdf:
>
> https://www.kania-online.de/wp-content/uploads/2019/06/trusts-tutorial-en.pdf
>
> Reading that may give you help.
>
> Rowland
>
>
>


More information about the samba mailing list