[Samba] Samba, Kerberos, Autofs: Shares get disconnected

Rowland Penny rpenny at samba.org
Wed Feb 28 15:01:00 UTC 2024


On Wed, 28 Feb 2024 14:22:49 +0100
"Pluess, Tobias via samba" <samba at lists.samba.org> wrote:

> Hi Rowland
> 
> yes sure I know who user '0' is ;-)
> so where should the ticket be then?
> I just rebooted the PC and logged in via SSH as root. There is no
> ticket for the machine :-(

There is, you just cannot see it, mainly because it is in memory.

> 
> even though, the Active Directory join seems to be OK, as "net ads
> testjoin" says so.

If you start a computer that is joined to AD, then you get a Kerberos
ticket for the computer in memory, you do not get a physical ticket.

> 
> I am still a bit lost on how I should proceed.
> To have this all working more or less, I just mounted the shares with
> the credentials file, this is fine as it works reliably but has the
> drawback that the access permissions are not per-user.
> But maybe I will stick to that anyways as it seems I am not able to
> get the other option to work, obviously something is missing but I
> have absolutely no idea which part I missed.

Try running this on one of your Samba AD DCs, it should dump your
entire AD:

sudo ldbsearch -H "ldap://$(hostname -f)" -P

Make sure that you do not have a ticket for root or the user running
the command in /tmp.

I hope this shows that you do not need a physical Kerberos ticket in
/tmp to use the machine's ticket.

If you want, I could post how I set up the two machines for testing.

Rowland
