[Samba] Problem with ticket lifetimes of Linux clients authenticating to Samba 4 AD

Dirk Heinrichs dirk.heinrichs at altum.de
Wed Mar 8 20:27:56 UTC 2017


Hi,

I've recently migrated an LDAP/Kerberos 5 setup to a Samba 4 based
Active Directory, mainly to support a couple of Windows clients. Since
this is a small private network, I've set quite long Kerberos ticket
lifetimes in smb.conf on the DC. These work fine on the Windows clients,
but are somehow completely ignored on the Linux clients, where users
always get the default ticket lifetime of 10 hours. OTOH, if I just
kinit I get the correct ticket lifetimes, as shown below (right after
login):

% klist
Ticketzwischenspeicher: FILE:/tmp/krb5cc_1234
Standard-Principal: someuser@EXAMPLE.COM

Valid starting       Expires              Service principal
08.03.2017 19:35:46  09.03.2017 05:35:44  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        erneuern bis 07.04.2017 20:35:44
08.03.2017 19:35:46  09.03.2017 05:35:44  SOMEHOST$@EXAMPLE.COM
08.03.2017 19:35:47  09.03.2017 05:35:44  afs/example.com@EXAMPLE.COM
        erneuern bis 07.04.2017 20:35:44
% kinit
Passwort for someuser@EXAMPLE.COM:
% klist
Ticketzwischenspeicher: FILE:/tmp/krb5cc_1234
Standard-Principal: someuser@EXAMPLE.COM

Valid starting       Expires              Service principal
08.03.2017 19:36:36  07.04.2017 20:36:30  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        erneuern bis 07.04.2017 20:36:30

Linux clients are set up to use winbind (incl. PAM and NSS modules). Any
idea what I can do to get the correct ticket lifetime right after login?

Thanks...

    Dirk

-- 
Dirk Heinrichs <dirk.heinrichs at altum.de>
GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
Secure Internet communication: http://www.retroshare.org
Privacy Handbuch: https://www.privacy-handbuch.de



