I'm running into the same problem, only with slightly different software
(Windows 2k3 AD server, Samba 3.0.11, OpenBSD 3.6). For people like me
who have little to no Kerberos experience, i'm guessing this is a
common problem. Does anyone have a solution, or a pointer to
documentation that describes a solution?
On Tuesday 01 March 2005 08:35 pm, Scarry, Robert wrote:>I have the following scenario.
>
>Windows 2K Active Dir server, Samba 3.0.7 running on Solaris 2.8.
>
>Running MIT Kerberos to join and authenticate with the AD. Things
> work ok, can join the domain, and can access the samba server from
> trusted domains as well as local domain.
>
>However, when doing 'kinit' I have found that the default ticket
life
> was for 24 hours is seemed. After I reboot the solaris / samba
> server the Kerberos token was gone, and I had to manually generate a
> new ticket and do a 'net ads join' again to get the server back
up..
>
>I found that I can us the "-d" option with kinit to increase the
> ticket life and did so to 500 days. Reboot the server and the token
> is gone again.. Have to then do a 'kinit' again as well as a
'net ads
> join' to get things running again.
>
>I read that I should not have a /etc/krb5.conf due to locking things
> down to one kdc only. Any ideas?
--
------------------------------------------------------------------------
Dan Ramaley
Digital Media Library Specialist
(515) 271-1934
Cowles Library 140, Drake University