[Samba] Samba, Kerberos, Autofs: Shares get disconnected

Pluess, Tobias tpluess at ieee.org
Wed Feb 7 08:20:07 UTC 2024


Dear Rowland,

unfortunately, it does not work:
I added "winbind refresh tickets = yes" to the smb.conf on both the server
and the client, and restarted smb.
Unfortunately, the tickets do expire anyway, and I get disconnected after
10 hours, even while I am still accessing the network share :-(

thanks
best
Tobias


On Tue, Feb 6, 2024 at 1:41 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Tue, 6 Feb 2024 13:27:29 +0100
> "Pluess, Tobias via samba" <samba at lists.samba.org> wrote:
>
> > Hi,
> > I am still trying to figure out the best settings for Samba and
> > Kerberos with autofs.
> > My setup so far works well, users can log in on their computers using
> > AD credentials, and they can access network shares with AD
> > credentials as well. This works perfectly.
> > Also I notice that some Kerberos ticket is created upon user login,
> > which allows the users to access a Samba share without entering the
> > password, which is very convenient.
> > For this to work, I had to create the SPNs in AD. However, that
> > worked. So currently, it all works quite conveniently.
> > Further, I have configured autofs to automatically mount for each
> > user the network shares they need.
> > For this, I used the "multiuser" and "sec=krb5" options. This also
> > works as I expected. However, I notice the following problem.
> >
> > Assume I log in on my workstation and I have a Samba share
> > automounted (via autofs) under /storage/work. Just after logging in
> > to my workstation, I can easily access the share without trouble.
> > However, when I leave my workstation running during the night and
> > return the next morning, I notice that /storage/work has been
> > disconnected, even if I had some program running there that accesses
> > these data. Furthermore, autofs can no longer automatically
> > reconnect the network share, it claims "required key not available".
> > The only way to reconnect the share seems to be
> >
> > a) stop autofs
> > b) kdestroy
> > c) kinit, and enter the password
> > d) restart autofs
> >
> > then the share works again as normal.
> > I wonder, is this behaviour intentional or is this a bug or just
> > misconfiguration? I thought as long as I stay logged in on my
> > workstation, the Kerberos ticket does not expire. However according
> > to the above error message from autofs this seems not to be the case. Can
> > I somehow fix this? It happens often that I leave my computer running
> > overnight, with some program left open to access some network
> > shares. Previously I did that with a credentials file, but I still
> > dislike this concept and would favour autofs + Kerberos if possible.
> >
> > Thanks
> > best
> > Tobias
>
> Do you have 'winbind refresh tickets = yes' set in your smb.conf file ?
> It defaults to 'no'
>
> Rowland
>
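An added diagnostic example, not part of the thread or of Samba: a shell function that reads `klist` output and reports how long the TGT remains valid and whether it carries a "renew until" time, which helps when a share drops at the 10-hour mark described above. It assumes MIT `klist` with MM/DD/YYYY timestamps (locale dependent) and GNU `date`; the function names, principal, host and times are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the TGT found in `klist` output.
# Assumptions: MIT klist layout, MM/DD/YYYY HH:MM:SS timestamps, GNU date.
# Real use:  klist | tgt_status "$(date +%s)"

# Constructed sample output (principal, host and times are made up).
sample_klist() {
cat <<'EOF'
Ticket cache: KEYRING:persistent:1000:1000
Default principal: alice@EXAMPLE.COM

Valid starting       Expires              Service principal
02/06/2024 08:00:00  02/06/2024 18:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
	renew until 02/13/2024 08:00:00
02/06/2024 08:00:05  02/06/2024 18:00:00  cifs/fileserver.example.com@EXAMPLE.COM
	renew until 02/13/2024 08:00:00
EOF
}

# tgt_status NOW_EPOCH   (klist output on stdin)
# Prints one of:
#   missing                         no krbtgt entry in the cache
#   expired                         TGT lifetime is over
#   valid <secs> renewable <secs>   seconds left, seconds until "renew until"
#   valid <secs> not-renewable      TGT has no "renew until" line
# Returns 0 only when the TGT is still valid.
tgt_status() {
  now=$1
  # Take the Expires column of the first krbtgt line and the
  # "renew until" line directly beneath it, if there is one.
  fields=$(awk '
    /krbtgt\// && e == "" { e = $3 " " $4; tgt = 1; next }
    tgt && /renew until/  { r = $3 " " $4 }
    { tgt = 0 }
    END { if (e != "") print e "|" r }')
  [ -n "$fields" ] || { echo missing; return 1; }

  exp_s=$(date -d "${fields%%|*}" +%s) || return 2
  ren=${fields#*|}
  left=$((exp_s - now))
  if [ "$left" -le 0 ]; then echo expired; return 1; fi

  if [ -n "$ren" ]; then
    ren_s=$(date -d "$ren" +%s) || return 2
    echo "valid $left renewable $((ren_s - now))"
  else
    echo "valid $left not-renewable"
  fi
}
```
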

