search for: ticket_lifetime

...sie-srag (10.143.31.100) closed connection to service tmp A w2k client can't log on my samba server. Here's my krb5.conf : [logging] default = FILE:/var/log/kerberos/krb5libs.log kdc = FILE:/var/log/kerberos/krb5kdc.log admin_server = FILE:/var/log/kerberos/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = DRAF.FC default_tgs_enctypes = des-cbc-crc des-cbc-md5 default_tkt_enctypes = des-cbc-crc des-cbc-md5 permitted_enctypes = des-cbc-crc des-cbc-md5 #default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc #default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc #permitted_enctypes =...

Hi. I have a question about Kerberos ticket lifetime in AD with Samba. I'm running on CentOS 7 with Samba 4.11.? If I change "ticket_lifetime=24h" on the AD server /etc/krb5.conf, or the client /etc.krb5.conf, it doesn't seem to make a difference. When I log out and back in to the client? (that is using pam_winbind), I still get a 10 hour ticket time.? I found this page: https://wiki.samba.org/index.php/Samba_KDC_Settings a...

...log size = 50 security = ads realm = ch.domain.intern password server = wsvch01 wsvch02 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 my krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = CH.DOMAIN.INTERN # default_tgs_enctypes = des-cbc-crc des-cbc-md5 # default_tkt_enctypes = des-cbc-crc des-cbc-md5 forwardable = true proxiable = true dns_lookup_realm = false dns_lookup_kdc = false [realms] CH.DOMAIN.INTERN = { kdc = wsvch01.ch.domain.intern:88 default_dom...

...nly = No winbind use default domain = Yes winbind nss info = rfc2307 winbind enum users = Yes winbind enum groups = Yes winbind refresh tickets = Yes winbind cache time = 5 krb.conf [libdefaults] default_realm = FOREST.INT.DOMAIN.COM dns_lookup_realm = false dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d

...getent passwd returns nothing. Any help would be appreciated. krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = TESTNET.LOCAL dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifefime = 36000 forwardable = true krb4_convert = false } smb.conf [global] workgroup = TESTNET realm = TESTNET.LOCAL security = ADS domai...

...8-1.el5_2.1 samba-3.0.28-1.el5_2.1 my domain name is===> baladia.local Windows 2003 AD server computer name is====> kmun my /etc/krb5.conf file is ---- [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime=24000 default_realm=BALADIA.LOCAL dns_lookup_realm = false dns_lookup_kdc = false [realms] BALADIA.LOCAL={ kdc=172.16.2.227:88 # admin_server=kmun.baladia.local:749 default_domain=BALADIA.LOCAL kdc=BALADIA.LOCAL } [domain_realm] .baladia.local=BALADIA.LOCAL baladia.local=BALADIA.LOCAL...

...yes #inherit acls = yes #inherit permissions = yes My krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = DOMAIN.COM dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = yes [realms] DOMAIN.COM = { kdc = projects01.DOMAIN.com admin_server = 192.168.1.223 default_domain = DOMAIN.com } [domain_realm] .kerberos.server = DOMAIN.COM .DOMAIN.com = DOMAIN.COM [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefau...

...cl group control = yes load printers = no debug level = 3 use sendfile = no log level = 10 strict allocate = yes acl allow execute always = True username map = /etc/samba/usermap.txt [libdefaults] default_realm = DOMAIN clockskew = 300 ticket_lifetime = 3d renew_lifetime = 7d forwardable = true proxiable = true dns_lookup_realm = true dns_lookup_kdc = true [realms] DOMAIN = { default_domain = DOMAIN auth_to_local = RULE...

...=========================== [homes] comment = Home Directories browseable = no writable = yes ############## And here's krb5.conf: ############## [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] # ticket_lifetime = 24000 default_realm = W2K3.TEST # dns_lookup_realm = false # dns_lookup_kdc = false [realms] W2K3.TEST = { kdc = test-dc.w2k3.test:88 admin_server = test-dc.w2k3.test:749 default_domain = w2k3.test } [domain_realm] .w2k3.test = W2K3.TEST w2k3.test = W2K3.TEST [kdc] # profile = /va...

...y to get the output from testparm on Monday. krb5.conf file looks like this: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = LAN.XXXX.CO.UK dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] LAN.XXXX.CO.UK = { kdc = 192.168.3.1 admin_server = 192.168.3.1 default_domain = LAN.XXXX.CO.UK } [domain_realm] .lan.xxxx.co.uk = LAN.XXXX.CO.UK lan.xxxx.co.uk = LAN.XXXX.CO.UK [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { deb...

On 9/30/2020 11:15 AM, Rowland penny via samba wrote: > On 30/09/2020 15:51, Jason Keltz via samba wrote: >> Hi. >> >> I have a question about Kerberos ticket lifetime in AD with Samba. >> >> I'm running on CentOS 7 with Samba 4.11.? If I change >> "ticket_lifetime=24h" on the AD server /etc/krb5.conf, or the client >> /etc.krb5.conf, it doesn't seem to make a difference. When I log out >> and back in to the client? (that is using pam_winbind), I still get a >> 10 hour ticket time.? I found this page: >> >> https://wi...

...4.4.125 nameserver 10.8.246.38 /krb5.conf: [logging] default = FILE:/var/log/samba/krb5libs.log kdc = FILE:/var/log/samba/krb5kdc.log admin_server = FILE:/var/log/samba/kadmind.log [libdefaults] default_realm = DEVTST-CORP.GO2UTI.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = true [realms] DEVTST-CORP.GO2UTI.COM = { kdc = sinmdp04.devtst-corp.go2uti.com:88 admin_server = sinmdp04.devtst-corp.go2uti.com:749 default_domain = DEVTST-CORP } [domain_realm] .devtst-corp.go2uti.com = DEVTST-CORP.GO2UTI.COM devtst-corp.go2uti.com = DE...

...s [printers] ?? comment = All Printers ?? path = /var/spool/samba ?? browseable = no ?? guest ok = no ?? writable = no ?? printable = yes ? ? /etc/krb5.conf ? [logging] ?default = FILE:/var/log/krb5libs.log ?kdc = FILE:/var/log/krb5kdc.log ?admin_server = FILE:/var/log/kadmind.log ? [libdefaults] ?#ticket_lifetime = 24000 ?default_realm = DOMAIN.HOME ?dns_lookup_realm = false ?dns_lookup_kdc = false ? [realms] ?DOMAIN.HOME = { ? kdc = 10.1.5.11 ? admin_server = 10.1.5.11 ? default_domain = DOMAIN.HOME ?} ? [domain_realm] ?.DOMAIN.home = DOMAIN.HOME ?DOMAIN.home = DOMAIN.HOME ? [kdc] ?profile = /var/kerberos/...

...50 log level = 3 password server = 192.168.0.30 5. The following is our lmhosts file 127.0.0.1 localhost 192.18.0.30 sridharg.TESTADS.NET 6. The following is our KRB5.conf file [libdefaults] ticket_lifetime = 24h forwardable = yes default_realm = TESTADS.NET dns_lookup_kdc = false dns_lookup_realm = false [logging] admin_server = FILE:/var/log/...

...tional configs: krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log kdc = SYSLOG:INFO:AUTH admin_server = FILE:/var/log/kadmind.log admin_server = SYSLOG:INFO:AUTH [libdefaults] default_realm = SECLAB dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } [realms] SECLAB = { kdc = seclab.security.lab.net:88 default_domain = seclab.security.lab.net } .seclab.security.lab.net = SE...

...winbind trusted domains only = Yes cups options = raw My krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = GALILEU-F.GALILEU.PT dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] GALILEU-F.GALILEU.PT = { kdc = jupiter.galileu-f.galileu.pt admin_server = jupiter.galileu-f.galileu.pt default_domain = galileu-f.galileu.pt } [domain_realm] .jupiter.galileu-f.galileu.pt = GALILEU-F.GALILEU.PT .galileu-f.galileu.pt = GALILEU-F.GALILEU.P...

...k. Any help would be greatful. Cheers. Config files below: /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = MYDOMAIN.LOCAL dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] MYDOMAIN.LOCAL = { kdc = mans01 admin_server = mans01 default_domain = mydomain.local } [domain_realm] .mydomain.local = MYDOMAIN.LOCAL mydomain.local = MYDOMAIN.LOCAL [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime...

...found session setup failed: NT_STATUS_OK But without the -k, it works without problem. Has someone any idea ? Thanks. Here is my krb5.conf file : [logging] default = FILE:/var/log/krb5/libs.log kdc = FILE:/var/log/krb5/kdc.log admin_server = FILE:/var/log/krb5/admin.log [libdefaults] ticket_lifetime = 24000 default_realm = IRCAD.FR default_tgs_enctypes = des-cbc-crc des-cbc-md5 default_tkt_enctypes = des-cbc-crc des-cbc-md5 forwardable = true proxiable = true dns_lookup_realm = true dns_lookup_kdc = true [realms] IRCAD.FR = { kdc = ircadsrv.ircad.fr:88 default_domain =...

...from the domain name. winbind separator = @ idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users=yes winbind enum groups=yes /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = DOMAIN [realms] DOMAIN = { kdc = CONTROLLER } [domain_realm] CONTROLLER = DOMAIN [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert...

...ecurity = ADS password server = 10.10.11.1(IP of the machine running Active directory) encrypt passwords = yes dns proxy = no And here is my krb5.conf. [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = NIIT.EDU.PK dns_lookup_realm = false dns_lookup_kdc = false forwardable = true default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc [realms] NIIT.EDU.PK = { kdc = mnsvr.niit.edu.pk:88 admin_server = mnsvr.niit.edu.pk:749 default_domain = niit....