Kerberos ticket expiration on CIFS client

Steve French smfrench at
Wed Apr 10 02:52:40 UTC 2019

Have you tried a similar scenario, but with winbind getting the
kerberos tickets (rather than kinit)?   Since winbind can handle
automatic ticket refresh

On Tue, Apr 9, 2019 at 9:49 PM Andy Beal <andybeal623 at> wrote:
> Hi there,
> I recently deployed an SMB share for my team and am trying to access
> it from Linux clients joined to the same AD (using cifs-utils). When
> mapping the file share, I first run "kinit <user at domain>" to receive a
> Kerberos certificate on my client, and then map the share using
> "sec=krb5" in the mount command.
> This all works flawlessly, but 10 hours later (the lifetime of the
> Kerberos ticket) the mapped share stops working. Note that I don't see
> the same behavior when mounting the same share from a Windows client
> (e.g., there's no need to re-login after 10 hours).
> Is there anything that needs to be set up in the Linux CIFS clients to
> prevent the tickets from expiring, or to cause them to periodically
> renew themselves (similar to what Windows clients might be doing to
> work around this issue)?
> Thanks!
> Andy



More information about the samba-technical mailing list