[Freeipa-users] SSSD Cache and Service Tickets
Ronald Wimmer
ronaldw at ronzo.at
Tue May 16 09:30:25 UTC 2017
On 2017-05-15 21:27, Jakub Hrozek wrote:
> [...]
>
> On Mon, May 15, 2017 at 03:54:22PM +0200, Ronald Wimmer wrote:
>> Hi,
>>
>> I am confronted with a behaviour for which I do not have an explanation.
>>
>> I am using NFS4 Kerberos automounted homeshares and recently I got a
>> permission denied (reproducible when I restart autofs on the server I want
>> to connect to) from the Windows Domain. So here's what I tried:
>>
>> 1) Connected via PuTTY from a Windows Machine in the windows domain
>> Kerberos-based login works but I get a "Permission Denied" on my home
>> directory; klist shows no tickets
> No tickets at all? Not even an expired ticket?
Unfortunately no tickets.
> Does running klist in cmd.exe show anything?
Yes, it does:
-bash-4.2$ klist
klist: Credentials cache keyring 'persistent:1073895519:1073895519' not found
And again... If I connect from my linux machine (within the ipa domain),
tickets are there:
-bash-4.2$ klist
Ticket cache: KEYRING:persistent:1073895519:1073895519
Default principal: myuser@MYWINDOWDOMAIN.AT

Valid starting       Expires              Service principal
2017-05-16 11:29:04  2017-05-16 15:43:45  nfs/ipanfs.myipadomain.at@MYIPADOMAIN.AT
2017-05-16 11:25:09  2017-05-16 15:43:45  krbtgt/MYWINDOWDOMAIN.AT@MYWINDOWDOMAIN.AT
        renew until 2017-05-16 15:43:45
From this point on login from windows (AD domain) does - of course - work.
Any ideas how to bring some light into this?