[Samba] Kerberos settings

Rowland Penny rpenny at samba.org
Mon Feb 27 16:20:05 UTC 2023



On 27/02/2023 15:20, Vaughan, Robert J via samba wrote:
> Hello listers
> 
> In our environment there have been some changes in AD to what I think might be default Kerberos settings for tickets
> 
> ticket_lifetime has been shortened from 24 hrs (default?) to 10 hrs
> 
> renew_lifetime has been set at 7d from a default of no limit?

Can you describe your environment a little better? I ask because, as 
far as I am aware, your changes have always been the defaults.

> 
> If this makes sense, just wondering if Samba needs to be aware of this (smb.conf: include system krb5 conf = yes)?, which is the default but I had been using "no" for this .. and then adjust those lines in /etc/krb5.conf?

I do not understand why you have been doing that; it is only supposed to 
affect Samba DCs built with MIT.

> 
> We see a situation where users appear to lose their drive mapping after some period of time where it was working fine, and it made me wonder if it could be related to Kerberos ticket expiration

Do you have 'winbind refresh tickets = yes' set in smb.conf?

Rowland


