Comment 0 for bug 1037055

winbindd will renew kerberos tickets until they expire, but it seems unable to refresh them before expiry.

I am using in smb.conf

winbind refresh ticket = true

and have cached_login set for pam_winbind

After 7 days ( the renewal limit on AD kerberos tickets) the ticket expires and I lose access to my NFS home directory which uses sec=krb5

I have tried to debug why this is happening and have come to the conclusion that there are to important variables for ticket refreshing to work (both in winbind/winbindd_cred_cache.c):

ccache_list
memory_creds_list

and that the function that stores the password for later refreshing use is called

winbindd_add_memory_creds

This function though requires that the user is ccache_list before it stores the password in a way it can be used by the rekinit part of the function krb5_ticket_refresh_handler.

The problem as I see it is that winbind forks and the parent populates ccache_list and the child populates memory_creds_list.
This leads to the password not being stored in a way that can be used by the rekinit code in krb5_ticket_refresh_handler.

As a dirty hack (attached) I tried populating memory_creds_list from the same location as ccache_list get populated (winbindd_raw_kerberos_login in winbind/winbindd_pam.c).

This hack "fixes" the problem.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: winbind 2:3.6.3-2ubuntu2.3
ProcVersionSignature: Ubuntu 3.2.0-27.43-generic 3.2.21
Uname: Linux 3.2.0-27-generic x86_64
ApportVersion: 2.0.1-0ubuntu12
Architecture: amd64
Date: Wed Aug 15 11:30:27 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
ProcEnviron:
 LANGUAGE=en_GB:en
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
SambaClientRegression: No
SourcePackage: samba
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.default.winbind: 2012-07-06T14:00:57
mtime.conffile..etc.init.d.winbind: 2012-07-06T14:00:57