Hi, As posted on the list "potential samba bug with Kerberos -k => --use-kerberos" on January 27, 2022 Samba >= 4.15 now gives a deprecation warning when using -k: root@server:~# net ads join -k WARNING: The option -k|--kerberos is deprecated! Using short domain name -- DOMAIN Joined 'SERVER' to dns domain 'DOMAIN.COM' Using its replacement "--use-kerberos=required" will prompt for a password, even when a valid Kerberos ticket is present. We assume this should not be the case. root@server:~# net ads join --use-kerberos=required Password for [user@DOMAIN.COM]: According to man page there is also "--use-krb5-ccache=CCACHE" which will automatically set "--use-kerberos=required" as well. This works indeed and does not ask for a password: root@server:~# net ads join --use-krb5-ccache=/tmp/krb5cc_0 Using short domain name -- DOMAIN Joined 'SERVER' to dns domain 'DOMAIN.COM' Now the more interesting part, following also works: root@server:~# net ads join --use-krb5-ccache= Using short domain name -- DOMAIN Joined 'SERVER' to dns domain 'DOMAIN.COM' And this as well: root@server:~# net ads join --use-krb5-ccache=/this/does/not/exist Using short domain name -- DOMAIN Joined 'SERVER' to dns domain 'DOMAIN.COM'
(In reply to glorang from comment #0) This sounds like a duplicate of bug 14846, which was fixed in 4.15.3 So which version are you using ?
This is on Ubuntu 22.04 which ships with 2:4.15.5~dfsg-0ubuntu5. I've checked the Ubuntu source for package samba-common-bin and the patch of #14846 is applied.