[Samba] How does "winbind refresh tickets" work?
Taner Tas
taner76 at gmail.com
Mon Aug 19 09:57:38 UTC 2019
Hi,
I just checked (enabled) "Trust this computer delegation to any service (Kerberos only)" for proxy server which wasn't checked before.
I tested it after installing libpam-krb5 (which Rowland advised) with /etc/krb5.conf below.
------ krb5.conf ------
[libdefaults]
default_realm = MYDOMAIN.ORG
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 5m
renew_lifetime = 6m
[realms]
MYDOMAIN.ORG = {
default_principal_flags = +renewable
}
------
I used small time steps (5m+1m) in order to observe the behavior but unfortunately it didn't work. Ticket doesn't get updated by winbind.
Any further advice?
__
Taner Tas
On Monday, August 19, 2019, 11:48:20 AM GMT+3, L.P.H. van Belle via samba <samba at lists.samba.org> wrote:
Hai,
Below is a bit garbled, but what about.
What did you set for you proxy server?
Did you enable the "This computer is allowed to Delegate (only kerberos )
samba-tool delegation for-any-service COMPUTERNAME$ on
And have you tried to increase the ticket lifetime in /etc/krb5.conf
For example: ticket_lifetime = 24h
Greetz,
Louis
More information about the samba
mailing list