[Samba] Samba, Kerberos, Autofs: Shares get disconnected

Rowland Penny rpenny at samba.org
Mon Feb 12 09:19:33 UTC 2024 

On Mon, 12 Feb 2024 09:38:01 +0100
"Pluess, Tobias via samba" <samba at lists.samba.org> wrote:

> Good day
> 
> please excuse my delayed response.
> Thanks for the hint with the machine account. I will try this.
> I realised I can also manually refresh Kerberos tickets.
> 
> I have the following:
> 
> $ klist
> Valid starting       Expires              Service principal
> 02/12/2024 08:39:44  02/12/2024 18:39:44  krbtgt/CAMPUS
> renew until 02/13/2024 08:39:40
> 
> so this ticket is valid until 12. February 18:39. Fine. 

Not really, my tickets have a renewal time of one week i.e.

klist -c /tmp/krb5cc_11104 
Ticket cache: FILE:/tmp/krb5cc_11104
Default principal: rowland at SAMDOM.EXAMPLE.COM

Valid starting     Expires            Service principal
12/02/24 07:56:02  12/02/24 17:56:02  krbtgt/SAMDOM.EXAMPLE.COM at SAMDOM.EXAMPLE.COM
	renew until 19/02/24 07:56:02


>And I can
> refresh it using kinit -R. This also works. 

You shouldn't have to manually refresh the ticket, winbind can do it
for you.

>However, there is the
> line "renew until". I read that this means this very ticket can only
> be refreshed until 13. February 8:39. After that date, it is no
> longer possible to refresh this ticket. So I am still wondering how
> it could be possible to have a mountpoint that uses Kerberos and
> stays connected for longer than a couple days, without disconnecting
> and reconnecting again? is that even possible?

I Think we need to see your /etc/krb5.conf and the output of 'testparm
-s'

> 
> Will try now the machine account as well, hopefully with better
> results.

The machine ticket can mount a share, but you will also need
'multiuser' and your users will also require a valid ticket.

> 
> Concerning the questions for autofs:
> This is a service that automatically mounts any file systems as soon
> as they are accessed. I didn't want to put my network shares into the
> fstab, as this may cause trouble when the network is not reachable
> for some reason. With autofs, the shares are mounted as soon as they
> are accessed, and unmounted if no process is accessing them anymore.
> 

Surely the network not being reachable is also a problem for autofs and
what if the connection goes idle (for whatever reason), does autofs
drop the connection ?

Rowland

More information about the samba mailing list