valan

[valan]

Hello.
Thank you for your response.
Ok, here’s more details.

We have one AD domain. It is 5 Domain Controllers based on Ubuntu Server 16.04 + Samba 4 from standard repositories.in this domain

(it was installed by manuals:

Create an Active Directory Infrastructure with Samba4 on Ubuntu – Part 1

https://www.tecmint.com/join-additional-ubuntu-dc-to-samba4-ad-dc-failover-replication/ )

One Kerberos realm.
Ubuntu Mate 16.04, Ubuntu Mate 18.04 was joined with this domain by this manual: https://www.tecmint.com/join-ubuntu-to-active-directory-domain-member-samba-winbind/

This workstations get internet access throw squid proxy server.
SQUID was configured to use Kerberos tickets to get access rights.
When NX erase tickets, user lost internet access — browsers reports him «access denied».

Users lost access to samba shares, printers, databases in this moments too.

Klist show empty tickets list in this case.
We are lost tickets only on machines with NoMachine NX server installed.
I’ve tried around 10 computers — users get «ticket lost» on all of them.
I can not pinpoint all the situations when tickets are lost.
When the NX server stops, the tickets disappear in 100% of cases.
Often (10%) ticket disappears immediately after the user logs in. If I put the browser into autorun for user then tickets are lost less often.
In which situation the user loses a ticket during the day, it is still difficult for me to determine. I can only record the fact and the approximate time of the incident.
Thanks a lot.

[Author]

Posts