
[suse-security] Samba 3.0, ADS, Kerberos

Hello List,
I have successfully integrated Samba into an Active Directory domain, and
it is authenticating against the ADS, but only while the Kerberos 
ticket is valid. After that period it seems to take only the user/group 
list from its (winbind) cache.

By now I can get a Kerberos ticket with "kinit Administrator" or any
other username that has administrative rights on ADS and all is fine.
But after 8 hours this ticket is no longer valid. How can I renew or
re-get a (new) ticket automatically?

I searched many sites and found several solutions, but none worked.
Probably the best one is about keytabs, which I could generate on the
Windows system, but Kerberos does not seem to use them.

Most of the solutions I found are for MIT Kerberos, but I use Heimdal
(as of SuSE 9.0), where e.g. the hints from New Zealand's Linux wiki
(http://www.wlug.org.nz/ActiveDirectorySamba) don't work. They tell me
to import the keytab file with
% ktutil
  ktutil: rkt mail.keytab
  ktutil: list
  ktutil: wkt /etc/krb5.keytab
  ktutil: q
But this does not work - not with ktutil and not with kadmin.
Perhaps I missed something?
Thanks a lot!!!
Kind regards,
Markus Feilner
Linux Solutions, Training, Seminars and Workshops - also in-house
Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
phone: +49 941 70 65 23  - mobile: +49 170 302 709 2
web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx
