Hi everyone, Fady, renbag, I have been working on this bug on and off for a little while now, but I am stuck because I can't reproduce what you are all seeing. Having a reproducer will greatly speed up getting a fix created for this issue.
In my client gvfsd is always started via systemd --user, so I must be configuring something differently. Can you try out my reproducer and let me know what you are configuring differently?

Instructions to reproduce:

You will need a 20.04 server instance, and a 20.04 Desktop instance.

To set up the server:

1) Create a fresh 20.04 server instance
2) sudo apt update
3) sudo apt upgrade
4) sudo hostnamectl set-hostname samba-dc
5) sudo vim /etc/hosts
   Add an entry with its IP address, e.g.:

    192.168.122.199 samba-dc samba-dc.example.com

6) sudo apt install -y samba smbclient winbind libpam-winbind libnss-winbind krb5-kdc libpam-krb5
   Note: skip config of Kerberos KDC.
7) sudo rm /etc/krb5.conf
8) sudo rm /etc/samba/smb.conf
9) sudo samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm=samba-dc.EXAMPLE.COM --domain=SAMBA --adminpass=Password1
10) sudo cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
11) sudo systemctl mask smbd nmbd winbind
12) sudo systemctl disable smbd nmbd winbind
13) sudo systemctl stop smbd nmbd winbind
14) sudo systemctl unmask samba-ad-dc
15) sudo systemctl start samba-ad-dc
16) sudo systemctl enable samba-ad-dc
17) sudo reboot
18) sudo systemctl stop systemd-resolved
19) sudo systemctl disable systemd-resolved
20) cat << EOF >> /etc/resolv.conf
    nameserver 192.168.122.199
    search SAMBA
    EOF
21) sudo reboot
22) host -t SRV _ldap._tcp.samba-dc.example.com

    _ldap._tcp.samba-dc.example.com has SRV record 0 100 389 samba-dc.samba-dc.example.com.

23) $ smbclient -L localhost -N

    Anonymous login successful

        Sharename       Type      Comment
        ---------       ----      -------
        sysvol          Disk
        netlogon        Disk
        IPC$            IPC       IPC Service (Samba 4.13.17-Ubuntu)
    SMB1 disabled -- no workgroup available

24) $ smbclient //localhost/netlogon -UAdministrator -c 'ls'

    Enter SAMBA\Administrator's password:
      .                                   D        0  Mon Feb 28 04:23:22 2022
      ..                                  D        0  Mon Feb 28 04:23:27 2022

            9983232 blocks of size 1024. 7995324 blocks available

25) kinit administrator

    Password for administra...@samba-dc.example.com:
    Warning: Your password will expire in 41 days on Mon Apr 11 04:23:27 2022

26) klist

    Ticket cache: FILE:/tmp/krb5cc_1000
    Default principal: administra...@samba-dc.example.com

    Valid starting     Expires            Service principal
    02/28/22 04:32:47  02/28/22 14:32:47  krbtgt/samba-dc.example....@samba-dc.example.com
            renew until 03/01/22 04:32:44

27) Create a share:
28) sudo mkdir -p /srv/samba/Demo/
29) sudo vim /etc/samba/smb.conf

    [Demo]
    path = /srv/samba/Demo/
    read only = no

30) sudo chmod 0770 /srv/samba/Demo/

Install a fresh 20.04.4 Desktop instance, and run the following:

31) sudo apt install realmd smbclient
32) sudo vim /etc/hosts
    Add an entry with its IP address, e.g.:

    192.168.122.199 samba-dc samba-dc.example.com

33) sudo realm join --user=Administrator SAMBA-DC.EXAMPLE.COM

    $ smbclient -U Administrator //samba-dc.example.com/demo
    Enter WORKGROUP\Administrator's password:
    Try "help" to get a list of possible commands.
    smb: \> ls
      .                                   D        0  Mon Mar  7 15:20:30 2022
      ..                                  D        0  Mon Mar  7 15:20:30 2022

            9983232 blocks of size 1024. 7686220 blocks available

    $ smbclient //samba-dc.example.com/demo -k
    gensec_spnego_client_negTokenInit_step: Could not find a suitable mechtype in NEG_TOKEN_INIT
    session setup failed: NT_STATUS_INVALID_PARAMETER

Now open Nautilus, add smb://samba-dc.example.com/demo as a share, and you will be faced with a dialog box asking for username / password credentials.

Close Nautilus. Let's get a Kerberos ticket:

    $ kinit administra...@samba-dc.example.com
    Password for administra...@samba-dc.example.com:
    Warning: Your password will expire in 11 days on Mon 11 Apr 2022 16:23:27

    $ smbclient //samba-dc.example.com/demo -k
    Try "help" to get a list of possible commands.
    smb: \> ls
      .                                   D        0  Mon Mar  7 15:20:30 2022
      ..                                  D        0  Mon Mar  7 15:20:30 2022

            9983232 blocks of size 1024. 7616832 blocks available

34) Open Nautilus, add smb://samba-dc.example.com/demo as a share, and it will open correctly using Kerberos credentials.

When I look at my process list, gvfsd is where it is supposed to be, under the systemd user session:

    $ ps auxf
    ...
    ubuntu      1207  0.5  0.2   19008 10128 ?   Ss   12:12   0:00 /lib/systemd/systemd --user
    ubuntu      1208  0.0  0.0  179632  3544 ?   S    12:12   0:00  \_ (sd-pam)
    ubuntu      1213  0.3  0.4 1220668 19360 ?   S<sl 12:12   0:00  \_ /usr/bin/pulseaudio --daemonize=n
    ubuntu      1216  0.2  0.6  511384 24280 ?   SNsl 12:12   0:00  \_ /usr/libexec/tracker-miner-fs
    ubuntu      1218  0.6  0.1   19344  6472 ?   Ss   12:12   0:00  \_ /usr/bin/dbus-daemon --session --
    ubuntu      1222  0.0  0.1  239692  7640 ?   Ssl  12:12   0:00  \_ /usr/libexec/gvfsd
    ...

Looking at /proc/1222/environ:

    $ cat /proc/1222/environ
    HOME=/home/ubuntuLANG=en_NZ.UTF-8LANGUAGE=en_NZ:enLOGNAME=ubuntuPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/snap/binSHELL=/bin/bashUSER=ubuntuXDG_RUNTIME_DIR=/run/user/1000GTK_MODULES=gail:atk-bridgeQT_ACCESSIBILITY=1XDG_DATA_DIRS=/usr/local/share/:/usr/share/:/var/lib/snapd/desktopDBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/busMANAGERPID=1207INVOCATION_ID=a9b1a819b2e9444ba10b97de7d446b8eJOURNAL_STREAM=8:35057

I don't seem to have KRB5CCNAME set, but yet, it works.

What am I doing that gvfsd starts later than it does in your environments?

Do I need to use sssd to get the ticket instead?
I configured /etc/sssd/sssd.conf with the below:

    [sssd]
    domains = samba-dc.example.com
    config_file_version = 2
    services = nss, pam

    [domain/samba-dc.example.com]
    default_shell = /bin/bash
    ad_server = samba-dc.example.com
    krb5_store_password_if_offline = True
    cache_credentials = True
    krb5_realm = SAMBA-DC.EXAMPLE.COM
    realmd_tags = manages-system joined-with-adcli
    id_provider = ad
    fallback_homedir = /home/%u@%d
    ad_domain = samba-dc.example.com
    use_fully_qualified_names = True
    ldap_id_mapping = True
    access_provider = ad
    simple_allow_users = administrator

and rebooted, but gvfsd is still started inside the systemd --user session, and not before.

Any ideas would be appreciated.

Thanks,
Matthew

--
You received this bug notification because you are a member of Desktop Packages, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1779890

Title:
  Nautilus does not use a valid Kerberos ticket when accessing Samba share

Status in gvfs:
  Unknown
Status in gvfs package in Ubuntu:
  Triaged

Bug description:

Nautilus prompts for username and password when accessing a Samba share on a network drive, despite having a perfectly valid unexpired Kerberos ticket. The Kerberos ticket is obtained automatically at logon by authentication against a Samba Active Directory server (Samba AD-DC).

Accessing the same Samba share with the same Kerberos ticket via "smbclient //host/sharename -k" works fine.

One known workaround is: "nautilus -q", and then "killall gvfsd". After that, accessing the Samba share with Nautilus works normally as it should.

I did not experience this issue in Ubuntu 16.04. It appears that a regression was introduced somewhere between 16.04 and 18.04.

The issue is quite annoying and confusing for the users who are used to accessing Samba shares on the network drive without being prompted for their username and password.
The issue appears to manifest itself usually not on the first access to a Samba share, but on subsequent accesses after a system reboot or upon user logout/login.

Strangely, removing ~/.cache/ibus/bus/registry file before user login appears to fix the issue for the current user session, but then the problem reappears upon subsequent user logins or after a system reboot.

Nemo appears to have the same problem as Nautilus.

    ProblemType: Bug
    DistroRelease: Ubuntu 18.04
    Package: gvfs-daemons 1.36.1-0ubuntu1
    ProcVersionSignature: Ubuntu 4.15.0-24.26-generic 4.15.18
    Uname: Linux 4.15.0-24-generic x86_64
    NonfreeKernelModules: nvidia_modeset nvidia
    ApportVersion: 2.20.9-0ubuntu7.2
    Architecture: amd64
    Date: Tue Jul 3 11:12:06 2018
    ExecutablePath: /usr/lib/gvfs/gvfsd
    InstallationDate: Installed on 2018-04-27 (66 days ago)
    InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
    ProcEnviron:
     LANG=en_CA.UTF-8
     PATH=(custom, no user)
     SHELL=/bin/bash
     XDG_RUNTIME_DIR=<set>
    SourcePackage: gvfs
    UpgradeStatus: No upgrade log present (probably fresh install)
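
The /proc/<pid>/environ check from the message above, as an added example that is not part of the original e-mail or of gvfs: it splits the NUL-separated environment properly and reports which credential cache a gvfsd process would use. The function names and sample data are hypothetical, and the fallback to FILE:/tmp/krb5cc_<uid> when KRB5CCNAME is unset assumes the stock MIT Kerberos default with no default_ccache_name in krb5.conf.

```bash
#!/bin/sh
# Added example: which Kerberos credential cache will a process use, judging
# by the NUL-separated contents of its /proc/<pid>/environ?

# Print the value of VAR from an environ file; exit status 1 if VAR is unset.
environ_get() {  # usage: environ_get FILE VAR
    tr '\000' '\n' < "$1" | awk -v k="$2" '
        index($0, k "=") == 1 { print substr($0, length(k) + 2); found = 1; exit }
        END { exit !found }'
}

# Print "explicit <ccache>" when KRB5CCNAME is present in the environ file,
# otherwise "default FILE:/tmp/krb5cc_<uid>". The default is an assumption:
# a default_ccache_name in krb5.conf would change it and is not checked here.
ccache_for_environ() {  # usage: ccache_for_environ FILE UID
    if cc=$(environ_get "$1" KRB5CCNAME); then
        printf 'explicit %s\n' "$cc"
    else
        printf 'default FILE:/tmp/krb5cc_%s\n' "$2"
    fi
}

# Report on every gvfsd owned by the current user (prints nothing if none).
report_gvfsd() {
    for pid in $(pgrep -u "$(id -u)" -x gvfsd 2>/dev/null); do
        printf 'gvfsd pid %s: %s\n' "$pid" \
            "$(ccache_for_environ "/proc/$pid/environ" "$(id -u)")"
    done
}

# Write a constructed environ file (not captured from a real system);
# extra NAME=value entries can be appended as arguments.
make_sample() {  # usage: make_sample FILE [NAME=value ...]
    out=$1
    shift
    printf '%s\000' HOME=/home/ubuntu USER=ubuntu \
        XDG_RUNTIME_DIR=/run/user/1000 "$@" > "$out"
}

report_gvfsd
```

Compare the reported cache with the "Ticket cache:" line of klist in the login session; a gvfsd that reports a different cache than the one holding the ticket will prompt for credentials.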