[Samba] Re: newbie question reguarding kerberos tickets

Doug VanLeuven roamdad at sonic.net
Fri May 12 04:17:14 GMT 2006

When using domain logons, after resuming from a hibernate that
exceeded the lifetime of the Kerberos ticket, the client doesn't
immediately renew the ticket.  It will auto renew, but I've not
determined the amount of time it takes.
Is there a way to force the client to renew the ticket?  Short of
rebooting, that is.  Things don't work very well until it's renewed.
Trying to go green.  Samba client and/or XP/2000 client?

Regards, Doug

simo wrote:
> Samba stores the machine password and obtains tickets from the KDC when
> needed.
> Simo.
> On Thu, 2006-05-11 at 16:53 -0500, Doug Tucker wrote:
>> Thanks.  But again, is the ticket even needed?  I deleted the darn
>> thing, rebooted to make sure it wasn't cached in memory somewhere, and
>> everything seems to be working perfectly.  If it is indeed needed, and I
>> need to extend the period, is there any directions on how to do that on
>> the windows side?
>> On Thu, 2006-05-11 at 23:07 +0200, Blaž Primc wrote:
>>> Hi,
>>> the period for which the ticket is valid can be set in Windows Server.
>>> Best regards, Blaž.
>>> Doug Tucker wrote:
>>>> I recently joined a samba 3.0.22 server to AD.  When I did the kinit,
>>>> the AD gave me a 24 hour ticket with a 1 week renewal.  Setting -r and
>>>> -l to 365d did not change anything, the ticket still came back the same.
>>>> However, my question is in reguard to whether this is really even
>>>> needed?  First, I deleted the ticket, and everything seemed to continue
>>>> to work perfectly.  Now, I let the ticket expire for a couple of weeks
>>>> now, and yet, the samba server is working fine and users still
>>>> authenticate against AD just fine.  Am I missing something, or is the
>>>> creation of that ticket not even needed?  Thank you for your assistance.
>>>> doug...

More information about the samba mailing list