Kerberos ticket expiration on CIFS client

Steve French smfrench at gmail.com
Wed Apr 10 02:52:40 UTC 2019


Have you tried a similar scenario, but with winbind getting the
Kerberos tickets (rather than kinit)? Since winbind can handle
automatic ticket refresh:

https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto#Automatic_Kerberos_Ticket_Refresh

On Tue, Apr 9, 2019 at 9:49 PM Andy Beal <andybeal623 at gmail.com> wrote:
>
> Hi there,
>
> I recently deployed an SMB share for my team and am trying to access
> it from Linux clients joined to the same AD (using cifs-utils). When
> mapping the file share, I first run "kinit <user at domain>" to receive a
> Kerberos certificate on my client, and then map the share using
> "sec=krb5" in the mount command.
>
> This all works flawlessly, but 10 hours later (the lifetime of the
> Kerberos ticket) the mapped share stops working. Note that I don't see
> the same behavior when mounting the same share from a Windows client
> (e.g., there's no need to re-login after 10 hours).
>
> Is there anything that needs to be set up in the Linux CIFS clients to
> prevent the tickets from expiring, or to cause them to periodically
> renew themselves (similar to what Windows clients might be doing to
> work around this issue)?
>
> Thanks!
>
> Andy



-- 
Thanks,

Steve



More information about the samba-technical mailing list