Bug 6743 - winbind refresh tickets = yes stops working after awhile
Summary: winbind refresh tickets = yes stops working after awhile
Status: RESOLVED DUPLICATE of bug 9098
Alias: None
Product: Samba 3.4
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.4.0
Hardware: Other Linux
: P3 normal
Target Milestone: ---
Assignee: Michael Adam
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-09-17 18:52 UTC by Jason Gunthorpe
Modified: 2012-08-22 17:10 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jason Gunthorpe 2009-09-17 18:52:52 UTC 
This happens on samba 3.4 and 3.3.2. When logged in through gdm (ubuntu Jaunty) with the pam_winbind module, winbind does happily refresh the kerberos ticket for a while (week? couple days? not sure yet). Then it stops. Restarting winbind causes the ticket to be immediately refreshed. Once stopped it doesn't seem to startup again.

It is strange, when it stops working the ticket left behind always lacks the host SPN:

#klist
Ticket cache: FILE:/tmp/krb5cc_2009
Default principal: jgg@ADS.ORCORP.CA

Valid starting     Expires            Service principal
09/17/09 03:49:49  09/17/09 13:49:49  krbtgt/ADS.ORCORP.CA@ADS.ORCORP.CA
        renew until 09/23/09 15:34:54


Kerberos 4 ticket cache: /tmp/tkt2009
klist: You have no tickets cached
# sudo /etc/init.d/winbind restart
[sudo] password for jgg: 
 * Stopping the Winbind daemon winbind                                                                                 [ OK ] 
 * Starting the Winbind daemon winbind                                                                                 [ OK ] 
jggl{jgg}/scratch/jgg/logic#klist
Ticket cache: FILE:/tmp/krb5cc_2009
Default principal: jgg@ADS.ORCORP.CA

Valid starting     Expires            Service principal
09/17/09 17:19:24  09/18/09 03:19:24  krbtgt/ADS.ORCORP.CA@ADS.ORCORP.CA
        renew until 09/24/09 17:19:24
09/17/09 17:19:24  09/18/09 03:19:24  JGGL$@ADS.ORCORP.CA
        renew until 09/24/09 17:19:24


Kerberos 4 ticket cache: /tmp/tkt2009
klist: You have no tickets cached


I have no idea how to further debug this? Any advice to collect something from some log files?

There is an old bug very similar to this (4945) that recommends the now gone cached_logon setting, but I don't see any log messages that look like what was reported there, the ticket seems to have lots of renewable lifetime left, and winbind can clearly re-get the ticket on its own after being restarted.. Time sync to the AD server looks good.

Thanks,
Jason
Comment 1 Jason Gunthorpe 2011-12-20 19:15:27 UTC 
This still happens and has happened consistently since I opened this bug on all Ubuntu versions we have tried. Currently still happening on 11.10 with Samba 3.5.11.

Is there any way to track this down?
Comment 2 ian.gordon 2012-08-22 07:51:24 UTC 
I think this problem is identical to the problem I reported in (bug 9098)
https://bugzilla.samba.org/show_bug.cgi?id=9098

There is a patch for it.
Comment 3 Jeremy Allison 2012-08-22 17:10:03 UTC 

*** This bug has been marked as a duplicate of bug 9098 ***