Jose Perez
2009-Aug-29 21:18 UTC
[Samba] How are tickets used by Samba in an Active Directory environment?
Hi there: I'm just setting up a Samba as member of an Active Directory Domain. I followed instructions according to a lof of sites that mentions that we must configure NTP, Kerberos, Winbind, among others. Then mention that I should run kinit + bla bla bla. OK this works fine, but I'm not pretty sure about how Kerberos really works with Samba and when tickets are needed: 1. After a ticket expires Samba still works fine, users can access shares without problems. Why? 2. Do I need to renew a ticket to get some functionality work after or before doing something? 3. Who's reponsible of renewing tickets? I was searching at Google about Samba, Kerberos, Active Directory and tickets purporse but I didn't find a good explanation. I'd just like to know if I just configure some Kerberos params at the Active Directory Server, or maybe configure a cron to renew tickets or maybe if I just should run kinit once and then forget about Kerberos forever. Could someone point me to a link where some good explanation about these components if available? Because I'm about to release a server in production and I want to be careful. Thanks a lot
Michael Wood
2009-Aug-29 23:50 UTC
[Samba] How are tickets used by Samba in an Active Directory environment?
Hi 2009/8/29 Jose Perez <jvoorhees1 at gmail.com>:> Hi there: > > I'm just setting up a Samba as member of an Active Directory Domain. I[...]> I was searching at Google about Samba, Kerberos, Active Directory and > tickets purporse but I didn't find a good explanation. I'd just like to know > if I just configure some Kerberos params at the Active Directory Server, or > maybe configure a cron to renew tickets or maybe if I just should run kinit > once and then forget about Kerberos forever.I *think* that you run kinit only to test that Kerberos is working properly and that the kinit command you run has nothing to do with Samba. My Kerberos knowledge is a little lacking, but I think the Wikipedia article has a nice description: http://en.wikipedia.org/wiki/Kerberos_%28protocol%29 Where it refers to "Service Server" or "SS" you should read it as "Samba".> Could someone point me to a link where some good explanation about these > components if available? Because I'm about to release a server in production > and I want to be careful.-- Michael Wood <esiotrot at gmail.com>