similar to: newbie question reguarding kerberos tickets

Hello, I have two issues with Kerberos administration using Samba and this results from my lack of familiarity with it. I am hoping someone can point me in the right direction. The first issue is with automatically renewing the Kerberos tickets. The second issue deals with my having to authenticate each time I attempt to join an AD domain. The Samba documentation indicates that I should *not*

Thank you both for the replies and explanation! @douglas Can i set?KRB5CCNAME somewhere so that it uses /home? Where? But even if i could set the env variable i have this odd behavior: I now have 4 vms running. 2 are rocky8 and 2 are rocky9, with same settings and versions I stated on my first post. From the 4 vms, when I ssh into them, 2 of them set a cache file in the users home and the

I have not looked at Kerberos is years. But it looks like KRB5CCNAME comes from: https://github.com/openssh/openssh-portable/blob/master/gss-serv-krb5.c#L134-L197 But it depends on which version of Kerberos you have, and if you are also use PAM. Google for: heimdal kerberos cache name It looks like there is now a SSSD Kerberos Cache Manager rather then storing in individual file. On 6/11/2024

Hi Ralph Boehme, A new system is installed with Ubuntu 24.04.1 and Samba 4.19.5 My hotfolderscan.exe tool runs now on a Windows 2022 system and use the Ubuntu 24 system as Samba share. The hotfolderscan tool has to run 10 hour before the Kerberos ticket renewal. Both on the Ubuntu 24 and the Windows 2022 system, Wireshare is catching the network packages. Tomorrow I hope to see the result. I

Just to show what i mean when i ssh into my vms, 2 vms save the cache in /tmp and the other 2 in /home. See what happens when i run the loop below: > for i in rocky8client rocky9client rocky9server rocky8server; do /usr/bin/sshpass -p password /usr/bin/ssh -l jdoe $i "hostname; klist"; done rocky8client.domain.net Ticket cache: FILE:/tmp/krb5cc_2000_WP04h8h0sa Default

Hello I trying to grasp the file permissions on Linux. I have Samba installed and functioning properly... I think I understand perimission in this environment with one exception: I need to add more than one group to a file/folder. With Windows..the security tab would allow any number of Groups and each group could have different permissions. (As well with files and subdirectories). With

On 10/25/24 10:35 AM, Hans van Leeuwen via samba wrote: > Is seems that Samba doesn't handle the Kerberos ticket renewal on the right way. can you get us two network traces: - last minute before and after session expiry against Samba - last minute before and after session expiry against Windows -slow -- SerNet Samba Team Lead https://sernet.de/ Samba Team Member https://samba.org/

Hi Folks, We're in the process of setting up a Samba cluster (Samba+CTDB+etcd), and we (presently) using Winbind. We use AD. We're finding that the domain join (or kerberos ticket renewal) is unreliable. Every day we find Samba/Winbind is no longer joined to the domain. Now, we're in a bit of a learning curve here, and automating everything with Terraform + Ansible. We have yet to

On 10/29/24 11:17 AM, Hans van Leeuwen wrote: > My hotfolderscan tool start om Monday 2:11 PM en the Kerberos ticket renewal occurs on 11:19 PM. > The hotfolderscantool wrote in the logfile: > 2024-10-28 23:19:00 Error 2 No such file or directory > 2024-10-28 23:19:03 Share available again > > That was after 9:08 hours and that is 32888 seconds. > That time do you also

On 10/1/2020 8:34 AM, Rowland penny via samba wrote: > On 01/10/2020 13:30, Jason Keltz via samba wrote: >> On 10/1/2020 8:28 AM, Rowland penny via samba wrote: >> >>> On 01/10/2020 13:17, Jason Keltz via samba wrote: >>>> So why is it that winbind renews the ticket on the original system, >>>> but on the system that I ssh to, it does not.

On Mon, 12 Feb 2024 09:38:01 +0100 "Pluess, Tobias via samba" <samba at lists.samba.org> wrote: > Good day > > please excuse my delayed response. > Thanks for the hint with the machine account. I will try this. > I realised I can also manually refresh Kerberos tickets. > > I have the following: > > $ klist > Valid starting Expires

Am 03.07.20 um 13:05 schrieb Rowland penny via samba: > On 03/07/2020 11:33, Stefan Just via samba wrote: >> We are using tmux, screen and x2go to run long-running jobs on our >> compute servers. $HOME and other data should be mounted via CIFS or >> NFS4. Because such a job can run for more than a week, I would like to >> increase the Kerberos ticket lifetime or better

I would like to set the renewable lifetime to 90 days. What is the best way to set the Kerberos ticket maximum renewable lifetime. ~# smbd --version Version 4.12.2-Ubuntu ~# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrator at MYDOM Valid starting Expires Service principal 07/02/20 18:08:16 07/03/20 04:08:16 krbtgt/MYDOM at MYDOM renew until 07/03/20

Hi there: I'm just setting up a Samba as member of an Active Directory Domain. I followed instructions according to a lof of sites that mentions that we must configure NTP, Kerberos, Winbind, among others. Then mention that I should run kinit + bla bla bla. OK this works fine, but I'm not pretty sure about how Kerberos really works with Samba and when tickets are needed: 1. After a

I posted the following a month ago but have only managed to get to fixing on this over the holidays.? Rowland mentions that I needed to add my domain info, it?s now included and I still have the same issue. Thanks and Happy New YearOld post begins below with edits Hello ? I have a problem with my Windows 10 drive connections dropping every 24 hours, very briefly.? It's enough to cause me to

> On 30 Sep 2020, at 21:42, Jason Keltz via samba <samba at lists.samba.org> wrote: > > > On 9/30/2020 3:01 PM, Remy Zandwijk via samba wrote: >>>>> On the client, add: >>>>> >>>>> gensec_gssapi:requested_life_time = <int> # seconds >>>>> >>>>> to smb4.conf. E.g. a ticket life time of one hour:

On Fri, 25 Oct 2024 08:35:08 +0000 Hans van Leeuwen via samba <samba at lists.samba.org> wrote: > Hi Samba engineer, > > We use an Ubuntu 20.04.6 systems as Samba server. > The Samba version is 4.15.13-Ubuntu. > The SMC-Client is a Windows Server 2022 Standard 21H2. > > The hostname of the Ubuntu Samba server is "samba-srv" > On the Windows system, Samba

Hi Samba engineer, We use an Ubuntu 20.04.6 systems as Samba server. The Samba version is 4.15.13-Ubuntu. The SMC-Client is a Windows Server 2022 Standard 21H2. The hostname of the Ubuntu Samba server is "samba-srv" On the Windows system, Samba disk is shared with the command: C:>net use Y: \\samba-srv\customers /u:hans Enter the password for 'hans' to connect to

Hi list,I want to make winbind kerberos ticket refresh work but I couldn't do it with configuration below: ------ smb.conf ------security = ADS workgroup = MYDOMAINrealm = MYDOMAIN.ORG log file = /var/log/samba/%m.loglog level = 6enable core files = no idmap config * : backend = tdbidmap config * : range = 3000-7999idmap config MYDOMAIN : backend = rid idmap config MYDOMAIN : range =

Hallo again, I would like to ask if there exists any possibility to have a Samba mount point with multiuser and with a credentials file or something similar. After a couple weeks testing I just find that my shares get disconnected after one week, which is not acceptable: I have stored some large project files on the Samba share which is opened in some calculation software, and simulations take up