[Samba] MIT Kerberos tickets gone..

Scarry, Robert robert.scarry at eds.com
Wed Mar 2 02:35:21 GMT 2005

I have the following scenario.

Windows 2K Active Dir server,  Samba 3.0.7 running on Solaris 2.8.

Running MIT Kerberos to join and authenticate with the AD.  Things work ok,
can join the domain, and can access the samba server from trusted domains as
well as local domain.

However, when doing 'kinit' I have found that the default ticket life was
for 24 hours is seemed.  After I reboot the solaris / samba server the
Kerberos token was gone, and I had to manually generate a new ticket and do
a 'net ads join' again to get the server back up..

I found that I can us the "-d" option with kinit to increase the ticket life
and did so to 500 days.  Reboot the server and the token is gone again..
Have to then do a 'kinit' again as well as a 'net ads join' to get things
running again.

I read that I should not have a /etc/krb5.conf due to locking things down to
one kdc only.  Any ideas?

More information about the samba mailing list