Thanks everyone, I can confirm that 2:4.1.6+dfsg-1ubuntu2.14.04.1 does
fix my problem.
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
Another data point...
This problem also goes away with a world readable system keytab
(/etc/krb5.keytab). So it isn't just the pam_winbind
'krb5_ccache_type=FILE' setting.
I'll do some more testing to find out whether or not changing the
'kerberos method = secrets and keytab' setting in smb.conf
Some more testing of 'kerberos method' with 'krb5_ccache_type=FILE' and
600 perms on /etc/krb5.keytab
With 'kerberos method = secrets and keytab', winbind logins failed.
With 'kerberos method = system keytab', winbind logins failed.
With 'kerberos method = secrets only', winbind logins started
Public bug reported:
Ubuntu version: 14.04 AMD64
samba, winbind, libpam-winbind version: 2:4.1.6+dfsg-1ubuntu2
After upgrading to 14.04 from 13.10 I couldn't log in with any Active
Directory accounts.
After checking that Winbind itself worked (eg wbinfo and getent still
worked properly) and
I suspect I'm seeing the results of this on some 12.04 virtual servers.
The strange thing is that I'm pretty sure we've had 12.04 servers work
properly in the past. I've tried it with both 3.6.3-2ubuntu2.6 and
3.6.3-2ubuntu2.
We've been getting console errors about either uncontactable KDCs or
Just an update...
3.6.3-2ubuntu2.5 is still working fine for me, and has not had any of
the problems listed above reappear.
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
Thanks Brian, I've installed the winbind, libpam-winbind, libwbclient0,
samba-common, smbclient packages (3.6.3-2ubuntu2.5) from proposed.
I'll keep you posted. It might take a week or two before I'm confident
they are working correctly.
--
You received this bug notification because you are a
Although inconvenient, personally I'm ok with quantal being skipped.
Thanks.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1037055
Title:
winbind does not refresh kerberos tickets
** Description changed:
[Impact]
* If it happens on the client, the client can't authenticate to any
kerberised servers (Windows or Linux).
* If it happens on the server, all clients (Windows or Linux) are unable to
connect to that server any more.
* The main impact is very flaky
Just a gentle prod...
:)
Q: Will updates be published for both precise and quantal? And will I
need to further test both?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1037055
Just checking in...
These PPA updates have been solid for me still.
Is there any more testing or anything that needs doing to progress this
further?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
After further testing, I'm certain the updated packages have fixed the
bug.
Leaving two machines running logged in and idle over the weekend, the
unpatched machine lost its credential cache (again) while the patched
one succesfully renewed its TGT all weekend. And it also successfully
got a new
I've done some testing on machines with and without the new packages.
Conclusion: I think things have improved with the new packages.
More details:
It is hard to tell for sure as there are various things (eg using sudo,
or unlocking the desktop etc) other than winbind that will refresh the
Thanks Robie, I've installed your PPA for testing.
As soon as I know if it has fixed anything (or if it hasn't), I'll
report back.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
I'm also hit by what seems to be the same bug on 12.04. This happens on
both desktops and servers using winbind (pam_winbind) to manage kerberos
keytabs and ticket caches.
We are authenticating against an Active Directory domain controller (2008R2).
We use the winbind/kerberos combo for:
*
Just chiming in to say that 3.4.7~dfsg-1ubuntu3.6 from lucid-proposed
also fixed this problem on our servers as well.
We've gone from daily winbind panics to no crashes since. We haven't
noticed any side-effects either.
Any idea if or when this makes it into lucid-updates?
--
You received this
16 matches
Mail list logo