Active Directory authentication and kerberos timeout
John Abreau
jabr-mNDKBlG2WHs at public.gmane.org
Tue Dec 8 19:15:01 EST 2009
I recently set up a CentOS 5.4 server to bind to Active Directory for
authentication, and it works fine for 24 hours. But I can't get the server
to remain joined permanently. When the kerberos ticket expires every 24
hours, the server loses its trust relationship until I renew the ticket.

How do I get the server to keep the trust relationship permanently?

# krb5.conf
[libdefaults]
default_realm = US.EAS.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
US.EAS.LOCAL = {
    kdc = wes-dc01.us.eas.local:88
    admin_server = wes-dc01.us.eas.local:749
    default_domain = wes-dc01.us.eas.local
}

[domain_realm]
us.eas.local = US.EAS.LOCAL
.us.eas.local = US.EAS.LOCAL

# smb.conf
workgroup = WES
password server = wes-dc01.us.eas.local
realm = US.EAS.LOCAL
security = ads

# kinit
# net ads join -u Administrator-TPNy1LyYxJKlP7NgNAbZLA at public.gmane.org

--
John Abreau / Executive Director, Boston Linux & Unix
AIM abreauj / JABBER jabr-iMZfmuK6BGBxLiRVyXs8+g at public.gmane.org / YAHOO abreauj / SKYPE zusa_it_mgr
Email jabr-mNDKBlG2WHs at public.gmane.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99