I'm also hit by what seems to be the same bug on 12.04. This happens on
both desktops and servers using winbind (pam_winbind) to manage Kerberos
keytabs and ticket caches.

We are authenticating against an Active Directory domain controller (2008R2).
We use the winbind/kerberos combo for:
* logging into Ubuntu desktops,
* transparent SSH access (via GSSAPI) to other Ubuntu/Debian machines,
* single sign on for webapps running on both Linux and Windows servers,
* and authenticating access to file shares (both Samba and Windows)

We often find our Kerberos credential caches disappearing. This stops
Kerberos authentication working for e.g. SSH, HTTP(S), CIFS etc. Things
work very well otherwise.

Impact:
* If it happens on the client, the client can't authenticate to any kerberised 
servers (Windows or Linux).
* If it happens on the server, all clients (Windows or Linux) are unable to 
connect to that server any more.
* The main impact is very flaky network authentication on an LTS release that 
we will have to live with for a few more years.

Workaround:
On the desktop run kinit to create a new ticket cache, or on a server restart 
the winbind daemon after logging in with a local account. This usually needs to 
be done once or twice a week on my desktop, but less frequently on servers.

Test case:
I don't have a good understanding of how to reliably reproduce it apart from 
waiting several days for it to stop authenticating. But the earlier posters 
above seem to have a better handle on that part.


I will commit to testing any proposed updates.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1037055

Title:
  winbind does not refresh kerberos tickets

To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1037055/+subscriptions
