Kerberos ticket expiration on CIFS client
L. van Belle
belle at samba.org
Wed Apr 10 07:39:07 UTC 2019
Bit of a bad example, because this link shows really out dated examples.
# winbind separator = +
winbind refresh tickets = yes
idmap uid = 10000-20000 <<<< idmap uid ...
I suggest look at :
Which is up2date.
> -----Oorspronkelijk bericht-----
> Van: samba-technical
> [mailto:samba-technical-bounces at lists.samba.org] Namens Steve
> French via samba-technical
> Verzonden: woensdag 10 april 2019 4:53
> Aan: Andy Beal; samba-technical
> CC: CIFS
> Onderwerp: Re: Kerberos ticket expiration on CIFS client
> Have you tried a similar scenario, but with winbind getting the
> kerberos tickets (rather than kinit)? Since winbind can handle
> automatic ticket refresh
> On Tue, Apr 9, 2019 at 9:49 PM Andy Beal
> <andybeal623 at gmail.com> wrote:
> > Hi there,
> > I recently deployed an SMB share for my team and am trying to access
> > it from Linux clients joined to the same AD (using cifs-utils). When
> > mapping the file share, I first run "kinit <user at domain>"
> to receive a
> > Kerberos certificate on my client, and then map the share using
> > "sec=krb5" in the mount command.
> > This all works flawlessly, but 10 hours later (the lifetime of the
> > Kerberos ticket) the mapped share stops working. Note that
> I don't see
> > the same behavior when mounting the same share from a Windows client
> > (e.g., there's no need to re-login after 10 hours).
> > Is there anything that needs to be set up in the Linux CIFS
> clients to
> > prevent the tickets from expiring, or to cause them to periodically
> > renew themselves (similar to what Windows clients might be doing to
> > work around this issue)?
> > Thanks!
> > Andy
More information about the samba-technical