First, I'm sorry if this mail is not helpful enough, I'm really just replying
to the part I'm familiar with.
On Mon, May 15, 2017 at 03:54:22PM +0200, Ronald Wimmer wrote:
> I am confronted with a behaviour for which I do not have an explanation.
> I am using NFS4 Kerberos automounted homeshares and recently I got a
> permission denied (reproducible when I restart autofs on the server I want
> to connect to) from the Windows Domain. So here's what I tried:
> 1) Connected via PuTTY from a Windows Machine in the windows domain
> Kerberos-based login works but I get a "Permission Denied" on my home
> directory; klist shows no tickets
No tickets at all? Not even an expired ticket?
Does running klist in cmd.exe show anything?
> 2) I try to connect from a Linux machine belonging to the IPA domain
> Kerberos-based login works, I can also access my home directory;
> klist shows nfs/ipanfs.ipadomain...@ipadomain.at and the krbtgt for the
> windows domain
> 3) Now - of course - using the homeshares works from both domains windows
> and ipa
> 4) When I do a kdestroy on the machine, using the homeshare when logged in
> from windows still works -
> My question is WHY? Does SSSD cache the NFS ticket?
It does not. The only code in SSSD that caches anything Kerberos related
is the KRB5CCNAME variable value.
> (and why don't I get an nfs ticket when coming from the windows domain?)