Hi Rowland,
thanks for the document. I'll study this and will see if there is any
help written down.
A point, I forgot to mention, is that ticket refreshing with winbind
worked well with the given configuration until the update of samba 4.13
to 4.15 by the SUSE team in case of openSUSE Leap 15.3. And it is still
present with samba 4.16.2 and openSUSE Leap 15.4.
Regards,
--
Andreas Hauffe**
Am 27.06.22 um 14:08 schrieb Rowland Penny via samba:> On Mon, 2022-06-27 at 12:45 +0200, Andreas Hauffe via samba wrote:
>> Error verifying signature: parse error
>> Dear list,
>>
>> I'm having trouble with refreshing kerberos tickets with winbind.
>> Our
>> clients are openSUSE Leap 15.4 clients with a separately build samba
>> 4.16.2 and they are domain members of an AD domain named
>> ilrw.ing.dom.tu-dresden.de. This domain is a subdomain (two-way,
>> transitive trusts) of ing.dom.tu-dresden.de, which again is a
>> subdomain
>> of dom.tu-dresden.de. User accounts are administered centrally in
>> the
>> root domain dom.tu-dresden.de. If I logon to a client with a
>> useraccount
>> I'm getting a tgt and service tickets and everything works fine, as
>> seen
>> in the klist output:
> I wonder if this is a 'trusts' problem ?
> Stefan Kania probably knows more about them than anyone else, he gave a
> talk about them at SambaXP, see here for the pdf:
>
>
https://www.kania-online.de/wp-content/uploads/2019/06/trusts-tutorial-en.pdf
>
> Reading that may give you help.
>
> Rowland
>
>
>