search for: renew_lifetim

...e default domain = Yes winbind nss info = rfc2307 winbind enum users = Yes winbind enum groups = Yes winbind refresh tickets = Yes winbind cache time = 5 krb.conf [libdefaults] default_realm = FOREST.INT.DOMAIN.COM dns_lookup_realm = false dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d

...ecksum_type = 2 checksum_type = 2 ccache_type = 1 forwardable = true proxiable = true [realms] DRAF.FC = { kdc = draffc3.draf.fc default_domain = DRAFFCOMTE } [domain_realm] .draf.fc = DRAF.FC [kdc] profile = /etc/kerberos/krb5kdc/kdc.conf [pam] debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false [appdefaults] pam = { debug = true ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = true afs_cells = draffc3.draf.fc hosts = draffc3.draf.fc max_timeout = 30 timeout_shift = 2 initial_timeout = 1 } [log...

...ls = yes #inherit permissions = yes My krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = DOMAIN.COM dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = yes [realms] DOMAIN.COM = { kdc = projects01.DOMAIN.com admin_server = 192.168.1.223 default_domain = DOMAIN.com } [domain_realm] .kerberos.server = DOMAIN.COM .DOMAIN.com = DOMAIN.COM [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug...

...ters = no debug level = 3 use sendfile = no log level = 10 strict allocate = yes acl allow execute always = True username map = /etc/samba/usermap.txt [libdefaults] default_realm = DOMAIN clockskew = 300 ticket_lifetime = 3d renew_lifetime = 7d forwardable = true proxiable = true dns_lookup_realm = true dns_lookup_kdc = true [realms] DOMAIN = { default_domain = DOMAIN auth_to_local = RULE:[1:$1@$0](^.*@DOMAIN$)s/@DOMAIN/...

...ity of the mount for as long as it > is accessed, so maybe a better question would be how long a ticket > does your kdc issue for a user. The latter will be the determining > factor, not the upcall. Up to 7 days if renewed within 24h, if I understand correctly (ticket_lifetime = 24h, renew_lifetime = 7d). Thanks for the clarification! > >> >> I am sorry for all these dummy questions, but I really find this >> matter hard to understand. >> >> Thank you very much for your help! >> >> >>>> Would be nice if you could use kerberos on th...

...Many thanks for any help!!! ### /etc/krb5.conf ### [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = COL.MISSOURI.EDU dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [realms] COL.MISSOURI.EDU = { kdc = col.missouri.edu admin_server = col.missouri.edu default_domain = col.missouri.edu kdc = col.missouri.edu } [domain_realm] .missouri.edu = COL.MISSOURI.EDU missouri.edu = COL.MISSOURI.EDU col.missouri.edu = COL.MISSOURI.E...

...resolv.conf search testing.domain.com.au nameserver 192.168.1.10 [root at centos7member ~]# cat /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false # default_realm = EXAMPLE.COM default_ccache_name = KEYRING:persistent:%{uid} [realms] # EXAMPLE.COM = { # kdc = kerberos.example.com # admin_server = kerberos.example.com # } [domain_realm] # .example.com = EXAMPLE.COM # example.com = EXAMPLE.COM Look...

...guest ok = no writable = no printable = yes my /etc/krb.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = XYZ.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = yes [realms] XYZ.COM = { admin_server = int3.xyz.com default_domain = xyz.com kdc = int3.xyz.com } [domain_realm] .kerberos.server = XYZ.COM .zyx.com = XYZ.COM [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36...

...110 (0 toread) [2016/10/10 17:14:50.134030, 3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot) Selected protocol SMB3_00 [libdefaults] default_realm = HEBE.US dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = true default_keytab_name = FILE:/etc/krb5.keytab [realms] HEBE.US = { kdc = MAIA.HEBE.US admin_server = MAIA.HEBE.US default_domain = HEBE.US } [domain_realm] .hebe.us = HEBE.US...

...68.0.250 $ cat /etc/krb5.conf (ALTHOUGH THE WIKI DOES STATE ANY CONFIGURATION IS REQUIRED IN THAT FILE) [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false # default_realm = EXAMPLE.COM # Utile ou pas ? default_realm = STUDELEC-SA.COM dns_lookup_kdc = true default_ccache_name = KEYRING:persistent:%{uid} [realms] # EXAMPLE.COM = { # kdc = kerberos.example.com # admin_server = kerberos.example.com # }...

...t and let it work through the system. > > Rowland Well, yes, we can change windows, by allowing/disallowing SMB1. Which might help in detecting whats off.. I would check 3 things here before this is reported as bug. Kerberos/Authentication. krb5.conf, Did you change the : clockskew or renew_lifetime Set only this : [libdefaults] default_realm = YOUR.REALM.TLD dns_lookup_kdc = true dns_lookup_realm = false ;; optinal. ; forwardable = true ; proxiable = true ; ticket_lifetime = 24h << one you can try as LAST option. ; ccache_type = 4 Are the pc's connect...

...= aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5 preferred_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5 dns_lookup_realm = false dns_lookup_kdc = false forwardable = true renewable = true ticket_lifetime = 365d renew_lifetime = 1000d [realms] TEST.SG = { kdc = 4ecapsvsg6.test.sg:88 admin_server = 4ecapsvsg6.test.sg:749 default_domain = test.sg } [domain_realm] .test.sg = TEST.SG test.sg = TEST.SG [appdefaults] pam = { debug = false forwardable = true renewable = true ticket_lifetime = 365d r...

...etting the same errors as before. [libdefaults] default_realm = ELLISONSLEGAL.COM clockskew = 300 [domain_realm] .ELLNET = ELLISONSLEGAL.COM [realms] ELLISONSLEGAL.COM = { kdc = 10.0.0.31 default_domain = ELLNET kpasswd_server = 10.0.0.31 } [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 } Thanks -----Original Message----- From: Penny Willisson Sent: 11 April 2005 14:43 To: 'Gordon Hopper'; 'ernesto.pereirinha@atminformatica.pt' Cc: Dimitri Yioulos; samba@lists.samba.org...

...300 [realms] TQ-NET.DE = { kdc = TQ-DC-1.TQ-NET.DE default_domain = TQG admin_server = TQ-DC-1.TQ-NET.DE } [domain_realm] .tq-net.DE = TQ-NET.DE [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = true retain_after_close = true minimum_uid = 0 try_first_pass = true debug = false } krb5.conf kerberos works fine. ______________________________________...

...[realms] CH.DOMAIN.INTERN = { kdc = wsvch01.ch.domain.intern:88 default_domain = ch.domain.intern } [domain_realm] .ch.domain.intern = CH.DOMAIN.INTERN ch.domain.intern = CH.DOMAIN.INTERN [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } any suggestions? thnx in advance best regards, roman

...s7member ~]# cat /etc/krb5.conf >> [logging] >> default = FILE:/var/log/krb5libs.log >> kdc = FILE:/var/log/krb5kdc.log >> admin_server = FILE:/var/log/kadmind.log >> >> [libdefaults] >> dns_lookup_realm = false >> ticket_lifetime = 24h >> renew_lifetime = 7d >> forwardable = true >> rdns = false >> # default_realm = EXAMPLE.COM >> default_ccache_name = KEYRING:persistent:%{uid} >> >> [realms] >> # EXAMPLE.COM = { >> # kdc = kerberos.example.com >> # admin_server = kerberos.example.com &gt...

...ysvol]        path = /usr/local/samba/var/locks/sysvol        read only = No Content krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = false dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false default_realm = DOMAIN.LOCAL default_ccache_name = KEYRING:persistent:%{uid} [realms]# EXAMPLE.COM = {#  kdc = kerberos.example.com#  admin_server = kerberos.example.com# } [domain_realm]# .example.com = EXAMPLE.COM# example.com = EXAMPLE.COM I hope I have pas...

...t; winbind enum users = Yes > winbind enum groups = Yes > winbind refresh tickets = Yes > winbind cache time = 5 > > krb.conf > [libdefaults] > default_realm = FOREST.INT.DOMAIN.COM > dns_lookup_realm = false > dns_lookup_kdc = true > ticket_lifetime = 24h > renew_lifetime = 7d > > Hi, I think your kerberos ticket is expiring, but don't really know why. As Louis as said, you don't need these lines in krb5.conf: ticket_lifetime = 24h renew_lifetime = 7d You also don't need these lines in smb.conf: idmap cache time = 5 idmap negative cache time...

Hai, i compaired your config with my own.. Looks the same and correct to me. try it without these 2 in krb5.conf: >ticket_lifetime = 24h >renew_lifetime = 7d and in smb.conf i dont have > idmap cache time = 5 > idmap negative cache time = 5 > winbind cache time = 5 so i suggest first remove the 2 lines in krb5.conf and test. then if needed the other 2. and your did make sure your time is always in sync? Greetz, louis &g...

...> [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > default_realm = DOMAIN.COM > dns_lookup_realm = true > dns_lookup_kdc = true > ticket_lifetime = 24h > renew_lifetime = 7d > forwardable = yes > > [realms] > DOMAIN.COM = { > kdc = projects01.DOMAIN.com > admin_server = 192.168.1.223 > default_domain = DOMAIN.com > } > > [domain_realm] > .kerberos.server = DOMAIN.COM > .DOMAIN.com = DOMAIN.COM > [kdc] >...