Ubuntu
likewise-open package

likewise-open doesn’t work with kinit

Bug #434649 reported by Alex Mauer
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
likewise-open (Ubuntu)
Confirmed
Low
Unassigned

Bug Description

Binary package hint: likewise-open

On a machine joined to the domain with likewise-open, usernames are like “DOMAIN\username”. When using kinit, it therefore tries to obtain a TGT for DOMAIN\username@kerberosdomain. If likewise-open used only the username instead of DOMAIN\username, this would work properly.

Revision history for this message
Chuck Short (zulcss) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Unfortunately, we can't fix it because your description didn't include enough information. You may find it helpful to read "How to report bugs effectively" http://www.chiark.greenend.org.uk/~sgtatham/bugs.html. We'd be grateful if you would then provide a more complete description of the problem. We have instructions on debugging some types of problems at http://wiki.ubuntu.com/DebuggingProcedures.
At a minimum, we need:
1. the specific steps or actions you took that caused you to encounter the problem,
2. the behavior you expected, and
3. the behavior you actually encountered (in as much detail as possible).
Thanks!

When reporting bugs in the future please use apport, either via the appropriate application's "Help -> Report a Problem" menu or using 'ubuntu-bug' and the name of the package affected. You can learn more about this functionality at https://wiki.ubuntu.com/ReportingBugs.

Changed in likewise-open (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
Revision history for this message
Alex Mauer (hawke) wrote :

Steps to duplicate:
1. join an AD domain using likewise-open.
2. username will be in the form DOMAIN\username
3. run 'kdestroy' to remove the current kerberos credentials cache
4. run 'kinit' to attempt to get new credentials

expected behaviour:
1. prompt for password.

encountered behaviour:
1. kinit: Client not found in Kerberos database while getting initial credentials

Additional note:
1. 'kinit username' works fine.

Thierry Carrez (ttx)
Changed in likewise-open (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
Gerald Carter (coffeedude.jerry) wrote :

This is actually an issue in the kerberos libraries and there is doubtfully little that can be done in the likewise code. There should be little need for a user to manually run kinit as the ticket cache
is initialized on login and lsassd should keep it refreshed. The only exception is when logging in offline
which will not immediately obtain a new ticket for you when connecting to a network. Windows works the same way I believe. Logging out and back in again will resolve this issue.

Would someone close this bug now? I can seem to set that field. Thanks.

Changed in likewise-open (Ubuntu):
status: Confirmed → Invalid
status: Invalid → Confirmed
Thierry Carrez (ttx)
Changed in likewise-open (Ubuntu):
status: Confirmed → Invalid
Revision history for this message
Alex Mauer (hawke) wrote :

I don't think it is a problem with the kerberos libraries, but with the way likewise-open creates usernames. kerberos expects "username" while likewise creates usernames of the form "NTDOMAIN\username"

Changed in likewise-open (Ubuntu):
status: Invalid → Confirmed
Revision history for this message
Gerald Carter (coffeedude.jerry) wrote :

The username is what it is due to Windows. Feel free to leave the bug open but unless enabling
the AsssumeDefaultDomain option solves this for the host's primary domain there is no
fix that will be done here. Technically the Krb5 libraries would need to convert the DOMAIN\username
to a UPN internally.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.