Displaying 20 results from an estimated 10000 matches similar to: "Kerberos ticket lifetime"
2020 Sep 30
2
Kerberos ticket lifetime
On 9/30/2020 11:15 AM, Rowland penny via samba wrote:
> On 30/09/2020 15:51, Jason Keltz via samba wrote:
>> Hi.
>>
>> I have a question about Kerberos ticket lifetime in AD with Samba.
>>
>> I'm running on CentOS 7 with Samba 4.11.? If I change
>> "ticket_lifetime=24h" on the AD server /etc/krb5.conf, or the client
>> /etc.krb5.conf, it
2020 Sep 30
0
Kerberos ticket lifetime
Hi Jason,
> On 30 Sep 2020, at 17:38, Jason Keltz via samba <samba at lists.samba.org> wrote:
>
>
> On 9/30/2020 11:15 AM, Rowland penny via samba wrote:
>> On 30/09/2020 15:51, Jason Keltz via samba wrote:
>>> Hi.
>>>
>>> I have a question about Kerberos ticket lifetime in AD with Samba.
>>>
>>> I'm running on CentOS 7
2020 Sep 30
0
Kerberos ticket lifetime
On 30/09/2020 15:51, Jason Keltz via samba wrote:
> Hi.
>
> I have a question about Kerberos ticket lifetime in AD with Samba.
>
> I'm running on CentOS 7 with Samba 4.11.? If I change
> "ticket_lifetime=24h" on the AD server /etc/krb5.conf, or the client
> /etc.krb5.conf, it doesn't seem to make a difference. When I log out
> and back in to the client?
2020 Oct 01
2
Kerberos ticket lifetime
On 01/10/2020 00:23, Jason Keltz via samba wrote:
>
> Remy,
>
> On the domain controller (samba-ad-dc), I have in the config: kdc:user
> ticket lifetime = 24
I do not recognise that smb.conf option, could this be another freebsd
change that was never sent upstream or, if it was, it was rejected ?
>
> When I login to the client (which is using pam_winbind module), I have
2020 Sep 30
3
Kerberos ticket lifetime
> On 30 Sep 2020, at 21:42, Jason Keltz via samba <samba at lists.samba.org> wrote:
>
>
> On 9/30/2020 3:01 PM, Remy Zandwijk via samba wrote:
>>>>> On the client, add:
>>>>>
>>>>> gensec_gssapi:requested_life_time = <int> # seconds
>>>>>
>>>>> to smb4.conf. E.g. a ticket life time of one hour:
2020 Oct 02
5
Kerberos ticket lifetime
On 02/10/2020 13:24, Jason Keltz via samba wrote:
> Hi Louis,
>
> I had already done that at one point.
>
> My pam_winbind is already working.? I can SSH to the system, and I get
> a proper ticket.? My only issue is that it doesn't refresh the ticket
> before expiry when I ssh to a system.? I think I can script around
> that and just not rely on winbind to do it.
2020 Oct 01
1
Kerberos ticket lifetime
On 01/10/2020 11:22, Remy Zandwijk wrote:
>
>
>> On 1 Oct 2020, at 10:31, Rowland penny via samba
>> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
>>
>> On 01/10/2020 00:23, Jason Keltz via samba wrote:
>>>
>>> Remy,
>>>
>>> On the domain controller (samba-ad-dc), I have in the config:
2020 Oct 01
2
Kerberos ticket lifetime
On 10/1/2020 8:34 AM, Rowland penny via samba wrote:
> On 01/10/2020 13:30, Jason Keltz via samba wrote:
>> On 10/1/2020 8:28 AM, Rowland penny via samba wrote:
>>
>>> On 01/10/2020 13:17, Jason Keltz via samba wrote:
>>>> So why is it that winbind renews the ticket on the original system,
>>>> but on the system that I ssh to, it does not.
2020 Oct 01
2
Kerberos ticket lifetime
On 10/1/2020 8:41 AM, Rowland penny via samba wrote:
> On 01/10/2020 13:38, Jason Keltz via samba wrote:
>> On 10/1/2020 8:34 AM, Rowland penny via samba wrote:
>>
>>> On 01/10/2020 13:30, Jason Keltz via samba wrote:
>>>> On 10/1/2020 8:28 AM, Rowland penny via samba wrote:
>>>>
>>>>> On 01/10/2020 13:17, Jason Keltz via samba wrote:
2020 Oct 01
0
Kerberos ticket lifetime
> On 1 Oct 2020, at 10:31, Rowland penny via samba <samba at lists.samba.org> wrote:
>
> On 01/10/2020 00:23, Jason Keltz via samba wrote:
>>
>> Remy,
>>
>> On the domain controller (samba-ad-dc), I have in the config: kdc:user ticket lifetime = 24
> I do not recognise that smb.conf option, could this be another freebsd change that was never sent
2020 Oct 01
2
Kerberos ticket lifetime
On 9/30/2020 7:23 PM, Jason Keltz wrote:
> On 9/30/2020 4:11 PM, Remy Zandwijk via samba wrote:
>
>>> On 30 Sep 2020, at 21:42, Jason Keltz via samba
>>> <samba at lists.samba.org> wrote:
>>>
>>>
>>> On 9/30/2020 3:01 PM, Remy Zandwijk via samba wrote:
>>>>>>> On the client, add:
>>>>>>>
2020 Oct 01
2
Kerberos ticket lifetime
On 10/1/2020 4:10 PM, Rowland penny via samba wrote:
> On 01/10/2020 20:47, Jason Keltz via samba wrote:
>>
>> Hi Rowland,
>>
>> In my case, I think I may know why pam_winbind is not renewing the
>> ticket before it expires.
>>
> I don't think it matters about the extra characters in the ticket
> name, I think the ticket search looks for a ticket
2020 Oct 02
4
Kerberos ticket lifetime
Maybe its..
authconfig --enablewinbindkrb5 --update
Requirements to achieve this:
- A valid /etc/krb5.conf
- A valid system keytab /etc/krb5.keytab
- A valid /etc/samba/smb.conf -> will be modified by authconfig
( found on internet worked in centos7 )
But better read..
https://sssd.io/docs/users/pam_krb5_migration.html
Greetz,
Louis
> -----Oorspronkelijk bericht-----
>
2020 Oct 01
2
Kerberos ticket lifetime
On 10/1/2020 8:28 AM, Rowland penny via samba wrote:
> On 01/10/2020 13:17, Jason Keltz via samba wrote:
>> So why is it that winbind renews the ticket on the original system,
>> but on the system that I ssh to, it does not.
>
> Do you have 'winbind refresh tickets = yes' set on all the systems ?
Absolutely.? In fact,? both systems are using the identical smb.conf,
2020 Jul 28
2
kerberos ticket on login problem
I'm experimenting with smb + winbind.
My host is joined to AD and I can login to my host fine using my AD
credentials via SSH.?? The only issue is that I don't get a Kerberos
ticket generated.
In /etc/security/pam_winbind.conf I have:
krb5_auth = yes
krb5_ccache_type = KEYRING
In /etc/krb5.conf, I also have:
default_ccache_name = KEYRING:persistent:%{uid}
Using wbinfo -K jas, then
2020 Jul 03
2
Kerberos ticket maximum renewable lifetime
We are using tmux, screen and x2go to run long-running jobs on our
compute servers. $HOME and other data should be mounted via CIFS or
NFS4. Because such a job can run for more than a week, I would like to
increase the Kerberos ticket lifetime or better the Kerberos ticket
maximum renewable lifetime.
I found this guide:
https://wiki.samba.org/index.php/Samba_KDC_Settings
Unfortunately, only
2019 Aug 19
3
How does "winbind refresh tickets" work?
Hi list,I want to make winbind kerberos ticket refresh work but I couldn't do it with configuration below:
------ smb.conf ------security = ADS
workgroup = MYDOMAINrealm = MYDOMAIN.ORG
log file = /var/log/samba/%m.loglog level = 6enable core files = no
idmap config * : backend = tdbidmap config * : range = 3000-7999idmap config MYDOMAIN : backend = rid
idmap config MYDOMAIN : range =
2020 Jul 29
1
kerberos ticket on login problem
On 7/28/2020 4:11 PM, Jason Keltz wrote:
>
> On 7/28/2020 3:59 PM, Jason Keltz via samba wrote:
>> I'm experimenting with smb + winbind.
>>
>> My host is joined to AD and I can login to my host fine using my AD
>> credentials via SSH.?? The only issue is that I don't get a Kerberos
>> ticket generated.
>>
>> In
2018 Jul 23
3
Failed to establish your Kerberos Ticket cache due time differences with the domain controller
Thanks Louis. Results below.
> Hai,
>
> I've reading this thread more closely.
>
> I suggest you try the followoing.
>
> Check the servers hardware clock in the bios first.
> Set these within 5 min, if they are not about the same.
>
There no RTC in the pi; the other DC is running in a VM with RTC set to UTC. I have disabled the guest from getting the time
2020 Sep 30
2
Kerberos ticket lifetime
> I hope that you're doing well...
I am, thanks. I still need to answer your private email, but I didn't find time yet.
>>> On the client, add:
>>>
>>> gensec_gssapi:requested_life_time = <int> # seconds
>>>
>>> to smb4.conf. E.g. a ticket life time of one hour:
>>>
>>> gensec_gssapi:requested_life_time = 3600