[Samba] Samba4 and sssd, keytab file expires?

Alessandro Briosi tsdogs at briosix.org
Wed Dec 31 01:26:34 MST 2014


>> Even if I restart the service things don't change. The only solution I
>> have found so far is regenerating the keytab file.
>> It seems that the kerberos principal expires. Is this normal?
>> Funny thing is that on the 1st dc I am using sssd too and ssh logins
>> work as expected (no need to change the keytab file).
>> 
>> Anyone seen this before?

> Which pricipal expires?
> 
> That tickets expire is built into Kerberos. I'm using nslcd and require
> k5start to refresh the principal. Could it be that you're runnining
> something like that on your 1st DC?

> Regards,
>   - lars.

That's what I was asking, is it really expiring?
Should the principal be refreshed, or is there a way to make it not 
expire?

I have followed the wiki [1], but there's no mention about principal 
expiration.

Also the first dc (CentOS 6) is using sssd and it's principal seems to 
be working fine, no expiration.

Thanks,
Alessandro


[1] 
https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd


More information about the samba mailing list