Comment 7 for bug 1892145

Andreas Hasenack (ahasenack) wrote : Re: smbclient cannot connect anonymously in Kerberos context (freeipa)

I'm using a focal container for this test, with kdc and samba on localhost, but using FQDNs for the access.
krb5-kdc 1.17-6ubuntu4
samba 2:4.11.6+dfsg-0ubuntu1.4

With the default ccache_type of FILE in Ubuntu/Debian:
$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: <email address hidden>
...

smbclient //focal-smbclient-kerberos.lxd/storage -k (after kinit)
smbclient -L focal-smbclient-kerberos.lxd -k (after kinit)
smbclient -L focal-smbclient-kerberos.lxd -N (with or without kinit)

work.

The moment I set this in /etc/krb5.conf:

default_ccache_name = KEYRING:persistent:%{uid}

(is that the setting you have?)

Then some things change, but I don't get a core dump.

This works with or without kinit:
smbclient -L focal-smbclient-kerberos -N

These don't work after kinit:

$ smbclient -L focal-smbclient-kerberos -k
gensec_spnego_client_negTokenInit_step: Could not find a suitable mechtype in NEG_TOKEN_INIT
session setup failed: NT_STATUS_INVALID_PARAMETER

$ smbclient //focal-smbclient-kerberos.lxd/storage -k
gensec_spnego_client_negTokenInit_step: Could not find a suitable mechtype in NEG_TOKEN_INIT
session setup failed: NT_STATUS_INVALID_PARAMETER
$ klist
Ticket cache: KEYRING:persistent:1000:1000
Default principal: <email address hidden>

Valid starting     Expires            Service principal
08/31/20 14:49:10  09/01/20 00:49:10  <email address hidden>
        renew until 09/01/20 14:49:09

I did find an upstream heimdal bug about adding support for KEYRING, and it's closed now with a fix committed:
https://github.com/heimdal/heimdal/issues/166

I will have to investigate further to see how samba was built and confirm our heimdal libraries in Ubuntu have this support available, and whether this is the problem we are seeing here.

I'll check your core dump file now.

From your side, if you switch the ccache type to FILE (or just remove the KEYRING overriding config), does the core dump go away?