samba - Jul 2021 - unable to Kerberos NFS mount after machine off overnight

Hi.

I have many Linux clients running winbind from? Samba 4.13.10 joined to 
our Samba 4.13.10 AD server, and mounting using Kerberos from multiple 
NFS servers.?? If a machine stays on all the time, everything works 
fine.? If the machine is rebooted, everything also works as expected.? 
On the other hand, if the machine is turned off, say overnight, then 
when it is turned back on in the morning, the machine gets a "permission 
denied" for all NFS mounts.? I believe the machine is still joined to 
the domain.? For example, I can successfully "getent passwd
<user>".? I
can "kinit <user>".? Everything works fine but NFS!? If I
re-join the
domain, then I can mount NFS shares from this machine right away without 
even a reboot.? I imagine there's some kind of "check in" timeout
that
is being exceeded.? If so, how often does this happen, and can I make it 
happen less frequently?

Thanks!

Jason.

Ok, now, this needs bit more info.. 
OS is handy to know for us.

Now this..
- many Linux clients Samba 4.13.10
- Samba 4.13.10 AD server, and mounting using Kerberos from multiple NFS servers

Or is it 
- many Linux clients Samba 4.13.10 and mounting using Kerberos from multiple NFS
servers
- Samba 4.13.10 AD server,
( i would expect the last ) 

If a machine stays on all the time?  A machine ? Client ? AD ? Both? 

How do you mount? What did you set? 
And a smb.conf would be nice. 
Im using nfs4 also here, on debian 10 with systemd 
Smb.conf had this 
   # How you can use kerberos (man smb.conf search : kerberos method )
    kerberos method = secrets and keytab
    dedicated keytab file = /etc/krb5.keytab

    # Renew the kerberos ticket or you member its computer password will expire.
    winbind refresh tickets = yes

And the nfs/host.fqdn is set (and in ad + /etc/krb5.keytab ) 

Tell me more and we can find out whats going on here. 

Greetz, 

Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Jason Keltz via samba
> Verzonden: woensdag 21 juli 2021 19:16
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] unable to Kerberos NFS mount after machine 
> off overnight
> 
> Hi.
> 
> I have many Linux clients running winbind from? Samba 4.13.10 
> joined to 
> our Samba 4.13.10 AD server, and mounting using Kerberos from 
> multiple 
> NFS servers.?? If a machine stays on all the time, everything works 
> fine.? If the machine is rebooted, everything also works as 
> expected.? 
> On the other hand, if the machine is turned off, say overnight, then 
> when it is turned back on in the morning, the machine gets a 
> "permission 
> denied" for all NFS mounts.? I believe the machine is still joined to 
> the domain.? For example, I can successfully "getent passwd 
> <user>".? I 
> can "kinit <user>".? Everything works fine but NFS!? If I
re-join the
> domain, then I can mount NFS shares from this machine right 
> away without 
> even a reboot.? I imagine there's some kind of "check in" 
> timeout that 
> is being exceeded.? If so, how often does this happen, and 
> can I make it 
> happen less frequently?
> 
> Thanks!
> 
> Jason.
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>