[Samba] NT_STATUS_NETWORK_SESSION_EXPIRED Domain member
Chris
chris2014 at postbox.xyz
Mon Dec 17 00:19:54 UTC 2018
All,
using Samba as an AD (2k12) domain member in Stretch
(2:4.5.12+dfsg-2+deb9u4) with tdb as default and rid as domain backend.
No overlapping. Everything works fine. Setup was done as in the wiki
[1].
If you're connecting from a Windows 10 client and do not add
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = Yes
to smb.conf, the SMB3_11 connection is closed, as soon as the service
ticket expires.
1. Some websites say, service tickets are only verified when connecting
to a server. Is this still true? Why is the connection timing out then?
Which tickets does the server renew? Machine account? Is this because of
mutual authentication or encryption? I thought tickets were handled by
the client?
2. Is this related to bug 13197 [2]? That's the only thing I could find
about this status code and it seems it's not fixed in version 4.5 in
Debian.
3. Default kerberos method is secrets only - use only the secrets.tdb
for ticket verification. Why is this not sufficient? Why is
the /etc/krb5.keytab needed? It's not mentioned in the wiki [1], but in
[3].
- Chris
[1] https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
[2] https://bugzilla.samba.org/show_bug.cgi?id=13197
[3] https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting
More information about the samba
mailing list