[Samba] Samba, Kerberos, Autofs: Shares get disconnected

Pluess, Tobias tpluess at ieee.org
Tue Feb 6 12:27:29 UTC 2024


Hi,
I am still trying to figure out the best settings for Samba and Kerberos
with autofs.
My setup so far works well; users can log in on their computers using AD
credentials, and they can access network shares with AD credentials as
well. This works perfectly.
Also I notice that some Kerberos ticket is created upon user login, which
allows the users to access a Samba share without entering the password,
which is very convenient.
For this to work, I had to create the SPNs in AD. However, that worked. So
currently, it all works quite conveniently.
Further, I have configured autofs to automatically mount for each user the
network shares they need.
For this, I used the "multiuser" and "sec=krb5" options. This also works as
I expected. However, I notice the following problem.

Assume I log in on my workstation and I have a Samba share automounted (via
autofs) under /storage/work. Just after logging in to my workstation, I
can easily access the share without trouble. However, when I leave my
workstation running during the night and return the next morning, I notice
that /storage/work has been disconnected, even if I had some program running
there that accesses these data. Furthermore, autofs can no longer
automatically reconnect the network share; it claims "required key not
available". The only way to reconnect the share seems to be

a) stop autofs
b) kdestroy
c) kinit, and enter the password
d) restart autofs

then the share works again as normal.
I wonder, is this behaviour intentional, or is this a bug or just
misconfiguration? I thought as long as I stay logged in on my workstation,
the Kerberos ticket does not expire. However, according to the above error
message from autofs, this seems not to be the case. Can I somehow fix this?
It happens often that I leave my computer running overnight, with some
program left open to access some network shares. Previously I did that with
a credentials file, but I still dislike this concept and would favour
autofs + Kerberos if possible.

Thanks
best
Tobias
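
One way to check the ticket cache when the share drops, as an added example that is not part of the original post: it parses `klist` output and reports whether the TGT is still valid, renewable, or expired. The sample output, principals, host names and times are constructed, and the US-style date layout of MIT `klist` is an assumption.

```python
import re
from datetime import datetime

# Constructed sample in the layout MIT `klist` prints (US-style dates assumed);
# the principals, hosts and times are made up, not taken from the post.
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@EXAMPLE.COM

Valid starting       Expires              Service principal
02/05/2024 18:00:00  02/06/2024 04:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
\trenew until 02/12/2024 18:00:00
02/05/2024 18:00:05  02/06/2024 04:00:00  cifs/fileserver.example.com@EXAMPLE.COM
\trenew until 02/12/2024 18:00:00
"""

FMT = "%m/%d/%Y %H:%M:%S"
STAMP = r"(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)"
TICKET = re.compile(rf"^{STAMP}\s+{STAMP}\s+(\S+)\s*$")
RENEW = re.compile(rf"^\s+renew until {STAMP}")

def parse_klist(text):
    """Return one dict per ticket line, with its optional 'renew until' time."""
    tickets = []
    for line in text.splitlines():
        m = TICKET.match(line)
        if m:
            tickets.append({"expires": datetime.strptime(m.group(2), FMT),
                            "service": m.group(3), "renew_until": None})
            continue
        m = RENEW.match(line)
        if m and tickets:
            tickets[-1]["renew_until"] = datetime.strptime(m.group(1), FMT)
    return tickets

def tgt_state(text, now):
    """Classify the TGT as (state, seconds left before it expires)."""
    tgts = [t for t in parse_klist(text) if t["service"].startswith("krbtgt/")]
    if not tgts:
        return ("no-tgt", 0)
    tgt = max(tgts, key=lambda t: t["expires"])
    left = int((tgt["expires"] - now).total_seconds())
    if left <= 0:
        return ("expired", 0)  # past expiry a ticket cannot be renewed; a new kinit is needed
    if tgt["renew_until"] and now < tgt["renew_until"]:
        return ("renewable", left)
    return ("valid-not-renewable", left)

if __name__ == "__main__":
    print(tgt_state(SAMPLE_KLIST, datetime(2024, 2, 5, 20, 0, 0)))  # evening after login
    print(tgt_state(SAMPLE_KLIST, datetime(2024, 2, 6, 8, 0, 0)))   # next morning
```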
