Comment 1 for bug 1900856

Thanks for the bug report, Alexander!

I have a local setup here with an Active Directory running on Windows Server 2019, and I fired up a Focal VM and tried to reproduce the steps you mentioned above. In a nutshell, here's what I did:

- realm join mydomain --membership-software=adcli
- Installed krb5-user and made sure everything was working correctly
- Installed smbclient et al and made sure everything was also working correctly
- Installed keyutils

Then, I acquired a krb5 ticket (using "kinit user", but without resorting to a separate keytab, as you did above):

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: <email address hidden>

Valid starting Expires Service principal
10/27/2020 22:23:04 10/28/2020 08:23:04 <email address hidden>
 renew until 10/28/2020 22:23:01

Finally, I tried mounting a SMB share from the Windows Server machine:

# mount //ad1.ad1.example.com/windows /mnt/ -o sec=krb5,multiuser,file_mode=0660,dir_mode=0770,nounix,noserverino

And everything worked correctly. I'm able to list the contents of the share, and if I switch to another user I see that the multiuser option kicks in and I see the files' owner/group is changed accordingly.

Here's the version of everything I'm using:

cifs-utils:
  Installed: 2:6.9-1ubuntu0.1
sssd:
  Installed: 2.2.3-3
smbclient:
  Installed: 2:4.11.6+dfsg-0ubuntu1.5

Unless I'm missing some step from your configuration, it seems I can't reproduce the bug. The only way I can reproduce the same error you had is when I kdestroy my credentials and try to mount the share again.

I will try setting up a samba share on another machine in the realm and then try to reproduce the issue, but initially I don't see how this could make a difference. I'll get back when I have something.