On 10/1/2020 8:28 AM, Rowland penny via samba wrote:> On 01/10/2020 13:17, Jason Keltz via samba wrote: >> So why is it that winbind renews the ticket on the original system, >> but on the system that I ssh to, it does not. > > Do you have 'winbind refresh tickets = yes' set on all the systems ?Absolutely.? In fact,? both systems are using the identical smb.conf, identical PAM configuration, and idential pam_winbind.conf. Jason.
On 01/10/2020 13:30, Jason Keltz via samba wrote:> On 10/1/2020 8:28 AM, Rowland penny via samba wrote: > >> On 01/10/2020 13:17, Jason Keltz via samba wrote: >>> So why is it that winbind renews the ticket on the original system, >>> but on the system that I ssh to, it does not. >> >> Do you have 'winbind refresh tickets = yes' set on all the systems ? > > Absolutely.? In fact,? both systems are using the identical smb.conf, > identical PAM configuration, and idential pam_winbind.conf. > > Jason. > >Thinking about it, when you login via ssh, PAM via pam-winbind should get you a new ticket on that client. Rowland
On 10/1/2020 8:34 AM, Rowland penny via samba wrote:> On 01/10/2020 13:30, Jason Keltz via samba wrote: >> On 10/1/2020 8:28 AM, Rowland penny via samba wrote: >> >>> On 01/10/2020 13:17, Jason Keltz via samba wrote: >>>> So why is it that winbind renews the ticket on the original system, >>>> but on the system that I ssh to, it does not. >>> >>> Do you have 'winbind refresh tickets = yes' set on all the systems ? >> >> Absolutely.? In fact,? both systems are using the identical smb.conf, >> identical PAM configuration, and idential pam_winbind.conf. >> >> Jason. >> >> > Thinking about it, when you login via ssh, PAM via pam-winbind should > get you a new ticket on that client.It did do that.? However, I left myself logged in intentionally for > 10 hours on the system and winbind didn't auto renew the ticket.? It did renew it when I *re*sshed, but it should have renewed it on the connection that was left open as well.? On the system where I logged in via GNOME and left it for > 10 hours, it did renew it. Jason.