[Samba] unable to Kerberos NFS mount after machine off overnight

L.P.H. van Belle belle at bazuin.nl
Thu Jul 22 06:41:02 UTC 2021 

Ok, now, this needs bit more info.. 
OS is handy to know for us.

Now this..
- many Linux clients Samba 4.13.10
- Samba 4.13.10 AD server, and mounting using Kerberos from multiple NFS servers

Or is it 
- many Linux clients Samba 4.13.10 and mounting using Kerberos from multiple NFS servers
- Samba 4.13.10 AD server,
( i would expect the last ) 

If a machine stays on all the time?  A machine ? Client ? AD ? Both? 

How do you mount? What did you set? 
And a smb.conf would be nice. 
Im using nfs4 also here, on debian 10 with systemd 
Smb.conf had this 
   # How you can use kerberos (man smb.conf search : kerberos method )
    kerberos method = secrets and keytab
    dedicated keytab file = /etc/krb5.keytab

    # Renew the kerberos ticket or you member its computer password will expire.
    winbind refresh tickets = yes

And the nfs/host.fqdn is set (and in ad + /etc/krb5.keytab ) 

Tell me more and we can find out whats going on here. 

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Jason Keltz via samba
> Verzonden: woensdag 21 juli 2021 19:16
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] unable to Kerberos NFS mount after machine 
> off overnight
> 
> Hi.
> 
> I have many Linux clients running winbind from  Samba 4.13.10 
> joined to 
> our Samba 4.13.10 AD server, and mounting using Kerberos from 
> multiple 
> NFS servers.   If a machine stays on all the time, everything works 
> fine.  If the machine is rebooted, everything also works as 
> expected.  
> On the other hand, if the machine is turned off, say overnight, then 
> when it is turned back on in the morning, the machine gets a 
> "permission 
> denied" for all NFS mounts.  I believe the machine is still joined to 
> the domain.  For example, I can successfully "getent passwd 
> <user>".  I 
> can "kinit <user>".  Everything works fine but NFS!  If I re-join the 
> domain, then I can mount NFS shares from this machine right 
> away without 
> even a reboot.  I imagine there's some kind of "check in" 
> timeout that 
> is being exceeded.  If so, how often does this happen, and 
> can I make it 
> happen less frequently?
> 
> Thanks!
> 
> Jason.
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list