Displaying 20 results from an estimated 10000 matches similar to: "Kerberos ticket lifetime"
2020 Sep 30
2
Kerberos ticket lifetime
On 9/30/2020 11:15 AM, Rowland penny via samba wrote:
> On 30/09/2020 15:51, Jason Keltz via samba wrote:
>> Hi.
>>
>> I have a question about Kerberos ticket lifetime in AD with Samba.
>>
>> I'm running on CentOS 7 with Samba 4.11.? If I change 
>> "ticket_lifetime=24h" on the AD server /etc/krb5.conf, or the client 
>> /etc.krb5.conf, it
2020 Sep 30
0
Kerberos ticket lifetime
Hi Jason,
> On 30 Sep 2020, at 17:38, Jason Keltz via samba <samba at lists.samba.org> wrote:
> 
> 
> On 9/30/2020 11:15 AM, Rowland penny via samba wrote:
>> On 30/09/2020 15:51, Jason Keltz via samba wrote:
>>> Hi.
>>> 
>>> I have a question about Kerberos ticket lifetime in AD with Samba.
>>> 
>>> I'm running on CentOS 7
2020 Sep 30
0
Kerberos ticket lifetime
On 30/09/2020 15:51, Jason Keltz via samba wrote:
> Hi.
>
> I have a question about Kerberos ticket lifetime in AD with Samba.
>
> I'm running on CentOS 7 with Samba 4.11.? If I change 
> "ticket_lifetime=24h" on the AD server /etc/krb5.conf, or the client 
> /etc.krb5.conf, it doesn't seem to make a difference. When I log out 
> and back in to the client?
2020 Oct 01
2
Kerberos ticket lifetime
On 01/10/2020 00:23, Jason Keltz via samba wrote:
>
> Remy,
>
> On the domain controller (samba-ad-dc), I have in the config: kdc:user 
> ticket lifetime = 24
I do not recognise that smb.conf option, could this be another freebsd 
change that was never sent upstream or, if it was, it was rejected ?
>
> When I login to the client (which is using pam_winbind module), I have 
2020 Sep 30
3
Kerberos ticket lifetime
> On 30 Sep 2020, at 21:42, Jason Keltz via samba <samba at lists.samba.org> wrote:
> 
> 
> On 9/30/2020 3:01 PM, Remy Zandwijk via samba wrote:
>>>>> On the client, add:
>>>>> 
>>>>> gensec_gssapi:requested_life_time = <int> # seconds
>>>>> 
>>>>> to smb4.conf. E.g. a ticket life time of one hour:
2020 Oct 02
5
Kerberos ticket lifetime
On 02/10/2020 13:24, Jason Keltz via samba wrote:
> Hi Louis,
>
> I had already done that at one point.
>
> My pam_winbind is already working.? I can SSH to the system, and I get 
> a proper ticket.? My only issue is that it doesn't refresh the ticket 
> before expiry when I ssh to a system.? I think I can script around 
> that and just not rely on winbind to do it.
2020 Oct 01
1
Kerberos ticket lifetime
On 01/10/2020 11:22, Remy Zandwijk wrote:
>
>
>> On 1 Oct 2020, at 10:31, Rowland penny via samba 
>> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
>>
>> On 01/10/2020 00:23, Jason Keltz via samba wrote:
>>>
>>> Remy,
>>>
>>> On the domain controller (samba-ad-dc), I have in the config: 
2020 Oct 01
2
Kerberos ticket lifetime
On 10/1/2020 8:34 AM, Rowland penny via samba wrote:
> On 01/10/2020 13:30, Jason Keltz via samba wrote:
>> On 10/1/2020 8:28 AM, Rowland penny via samba wrote:
>>
>>> On 01/10/2020 13:17, Jason Keltz via samba wrote:
>>>> So why is it that winbind renews the ticket on the original system, 
>>>> but on the system that I ssh to, it does not.
2020 Oct 01
2
Kerberos ticket lifetime
On 10/1/2020 8:41 AM, Rowland penny via samba wrote:
> On 01/10/2020 13:38, Jason Keltz via samba wrote:
>> On 10/1/2020 8:34 AM, Rowland penny via samba wrote:
>>
>>> On 01/10/2020 13:30, Jason Keltz via samba wrote:
>>>> On 10/1/2020 8:28 AM, Rowland penny via samba wrote:
>>>>
>>>>> On 01/10/2020 13:17, Jason Keltz via samba wrote:
2020 Oct 01
0
Kerberos ticket lifetime
> On 1 Oct 2020, at 10:31, Rowland penny via samba <samba at lists.samba.org> wrote:
> 
> On 01/10/2020 00:23, Jason Keltz via samba wrote:
>> 
>> Remy,
>> 
>> On the domain controller (samba-ad-dc), I have in the config: kdc:user ticket lifetime = 24
> I do not recognise that smb.conf option, could this be another freebsd change that was never sent
2020 Oct 01
2
Kerberos ticket lifetime
On 9/30/2020 7:23 PM, Jason Keltz wrote:
> On 9/30/2020 4:11 PM, Remy Zandwijk via samba wrote:
>
>>> On 30 Sep 2020, at 21:42, Jason Keltz via samba 
>>> <samba at lists.samba.org> wrote:
>>>
>>>
>>> On 9/30/2020 3:01 PM, Remy Zandwijk via samba wrote:
>>>>>>> On the client, add:
>>>>>>>
2020 Oct 01
2
Kerberos ticket lifetime
On 10/1/2020 4:10 PM, Rowland penny via samba wrote:
> On 01/10/2020 20:47, Jason Keltz via samba wrote:
>>
>> Hi Rowland,
>>
>> In my case, I think I may know why pam_winbind is not renewing the 
>> ticket before it expires.
>>
> I don't think it matters about the extra characters in the ticket 
> name, I think the ticket search looks for a ticket
2020 Oct 02
4
Kerberos ticket lifetime
Maybe its.. 
authconfig --enablewinbindkrb5 --update 
Requirements to achieve this:
- A valid /etc/krb5.conf
- A valid system keytab /etc/krb5.keytab
- A valid /etc/samba/smb.conf -> will be modified by authconfig 
( found on internet worked in centos7  ) 
But better read.. 
https://sssd.io/docs/users/pam_krb5_migration.html 
Greetz, 
Louis
 
> -----Oorspronkelijk bericht-----
>
2020 Oct 01
2
Kerberos ticket lifetime
On 10/1/2020 8:28 AM, Rowland penny via samba wrote:
> On 01/10/2020 13:17, Jason Keltz via samba wrote:
>> So why is it that winbind renews the ticket on the original system, 
>> but on the system that I ssh to, it does not.
>
> Do you have 'winbind refresh tickets = yes' set on all the systems ?
Absolutely.? In fact,? both systems are using the identical smb.conf, 
2019 Aug 19
3
How does "winbind refresh tickets" work?
Hi list,I want to make winbind kerberos ticket refresh work but I couldn't do it with configuration below:
------ smb.conf ------security = ADS
workgroup = MYDOMAINrealm = MYDOMAIN.ORG
log file = /var/log/samba/%m.loglog level = 6enable core files = no
idmap config * : backend = tdbidmap config * : range = 3000-7999idmap config MYDOMAIN : backend = rid
idmap config MYDOMAIN : range =
2020 Jul 03
2
Kerberos ticket maximum renewable lifetime
We are using tmux, screen and x2go to run long-running jobs on our
compute servers. $HOME and other data should be mounted via CIFS or
NFS4. Because such a job can run for more than a week, I would like to
increase the Kerberos ticket lifetime or better the Kerberos ticket
maximum renewable lifetime.
I found this guide:
https://wiki.samba.org/index.php/Samba_KDC_Settings
Unfortunately, only
2020 Jul 28
2
kerberos ticket on login problem
I'm experimenting with smb + winbind.
My host is joined to AD and I can login to my host fine using my AD 
credentials via SSH.?? The only issue is that I don't get a Kerberos 
ticket generated.
In /etc/security/pam_winbind.conf I have:
krb5_auth = yes
krb5_ccache_type = KEYRING
In /etc/krb5.conf, I also have:
default_ccache_name = KEYRING:persistent:%{uid}
Using wbinfo -K jas, then
2020 Sep 30
2
Kerberos ticket lifetime
> I hope that you're doing well...
I am, thanks. I still need to answer your private email, but I didn't find time yet.
>>> On the client, add:
>>> 
>>> gensec_gssapi:requested_life_time = <int> # seconds
>>> 
>>> to smb4.conf. E.g. a ticket life time of one hour:
>>> 
>>> gensec_gssapi:requested_life_time = 3600
2020 Sep 30
0
Kerberos ticket lifetime
On 9/30/2020 4:11 PM, Remy Zandwijk via samba wrote:
>> On 30 Sep 2020, at 21:42, Jason Keltz via samba <samba at lists.samba.org> wrote:
>>
>>
>> On 9/30/2020 3:01 PM, Remy Zandwijk via samba wrote:
>>>>>> On the client, add:
>>>>>>
>>>>>> gensec_gssapi:requested_life_time = <int> # seconds
2020 Jul 03
3
Kerberos ticket maximum renewable lifetime
Am 03.07.20 um 13:05 schrieb Rowland penny via samba:
> On 03/07/2020 11:33, Stefan Just via samba wrote:
>> We are using tmux, screen and x2go to run long-running jobs on our
>> compute servers. $HOME and other data should be mounted via CIFS or
>> NFS4. Because such a job can run for more than a week, I would like to
>> increase the Kerberos ticket lifetime or better