The ticket authtime of a Samba generated S4U2Proxy ticket and the logon_time in the PAC_LOGON_NAME mismatch, because the ticket authtime is not taken from the additional ticket.
Created attachment 13865 [details] Work in progress patch
Comment on attachment 13865 [details] Work in progress patch The current patch is on https://gitlab.com/samba-team/samba/-/merge_requests/2458
This bug was referenced in samba master: b26dcfba10e3e38c04f3fe20dbf49e7e6ef4f0ed
Will be fixed in 4.19