[Samba] Samba, Kerberos, Autofs: Shares get disconnected

Kees van Vloten keesvanvloten at gmail.com
Tue Feb 6 12:36:34 UTC 2024


On 06-02-2024 at 13:27, Pluess, Tobias via samba wrote:
> Hi,
> I am still trying to figure out the best settings for Samba and Kerberos
> with autofs.
> My setup so far works well, users can log in on their computers using AD
> credentials, and they can access network shares with AD credentials as
> well. This works perfectly.
> Also I notice that some Kerberos ticket is created upon user login, which
> allows the users to access a Samba share without entering the password,
> which is very convenient.
> For this to work, I had to create the SPNs in AD. However, that worked. So
> currently, it all works quite conveniently.
> Further, I have configured autofs to automatically mount for each user the
> network shares they need.
> For this, I used the "multiuser" and "sec=krb5" options. This also works as
> I expected. However, I notice the following problem.
>
> Assume I log in on my workstation and I have a Samba share automounted (via
> autofs) under /storage/work. Just after logging in to my workstation, I
> can easily access the share without trouble. However, when I leave my
> workstation running during the night and return the next morning, I notice
> that /storage/work has been disconnected, even if I had some program running
> there that accesses the data. Furthermore, autofs can no longer
> automatically reconnect the network share; it claims "required key not
> available". The only way to reconnect the share seems to be
>
> a) stop autofs
> b) kdestroy
> c) kinit, and enter the password
> d) restart autofs
>
> then the share works again as normal.
> I wonder, is this behaviour intentional or is this a bug or just
> misconfiguration? I thought as long as I stay logged in on my workstation,
> the Kerberos ticket does not expire. However, according to the above error
> message from autofs this seems not to be the case. Can I somehow fix this?
> It happens often that I leave my computer running overnight, with some
> program left open to access some network shares. Previously I did that with
> a credentials file, but I still dislike this concept and would favour
> autofs + Kerberos if possible.
>
> Thanks
> best
> Tobias

A ticket expires after 10 hours (this is the default setting); I guess
you need to do something to refresh it. Are you using the user's ticket
to mount the share or do you have a special user that performs a
multi-user mount?

- Kees.
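
As an added illustration (not part of either message, and not Samba or autofs code): a small Python check that reads `klist` output and decides whether the TGT is still fine, can be extended with `kinit -R`, or has expired and needs a fresh `kinit`. The sample output, realm, principal and the one-hour margin are constructed, and the date layout is an assumption that varies with klist version and locale.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of MIT klist output; cache name, realm and times are made up.
SAMPLE_KLIST = (
    "Ticket cache: KEYRING:persistent:10001:10001\n"
    "Default principal: tobias@EXAMPLE.LAN\n"
    "\n"
    "Valid starting     Expires            Service principal\n"
    "02/06/24 08:00:00  02/06/24 18:00:00  krbtgt/EXAMPLE.LAN@EXAMPLE.LAN\n"
    "\trenew until 02/13/24 08:00:00\n"
)

FMT = "%m/%d/%y %H:%M:%S"  # assumption: date layout differs by klist version/locale
STAMP = r"\d\d/\d\d/\d\d \d\d:\d\d:\d\d"
TGT_RE = re.compile(
    rf"^{STAMP}\s+({STAMP})\s+krbtgt/\S+[ \t]*\n(?:[ \t]+renew until ({STAMP}))?",
    re.M,
)

def parse_tgt(klist_text):
    """Return (expires, renew_until) for the krbtgt entry, or None if absent."""
    m = TGT_RE.search(klist_text)
    if not m:
        return None
    expires = datetime.strptime(m.group(1), FMT)
    renew_until = datetime.strptime(m.group(2), FMT) if m.group(2) else None
    return expires, renew_until

def next_action(klist_text, now, margin=timedelta(hours=1)):
    """Decide what keeps the credential cache usable: 'ok', 'kinit -R' or 'kinit'."""
    tgt = parse_tgt(klist_text)
    if tgt is None:
        return "kinit"            # no TGT in the cache at all
    expires, renew_until = tgt
    if now >= expires:
        return "kinit"            # already expired: renewal is no longer possible
    if expires - now > margin:
        return "ok"               # plenty of lifetime left
    if renew_until and now < renew_until:
        return "kinit -R"         # still valid and renewable: extend without a password
    return "kinit"                # about to expire and not renewable

if __name__ == "__main__":
    for hhmm in ("09:00:00", "17:30:00"):
        now = datetime.strptime("02/06/24 " + hhmm, FMT)
        print(now, "->", next_action(SAMPLE_KLIST, now))
```

Renewal only works while the ticket is still valid, so a check like this has to run before the 10-hour lifetime lapses; once it has expired, only a fresh `kinit` helps.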



