On 2017-05-15 21:27, Jakub Hrozek wrote:

On Mon, May 15, 2017 at 03:54:22PM +0200, Ronald Wimmer wrote:

I am confronted with a behaviour for which I do not have an explanation for.

I am using NFS4 Kerberos automounted homeshares and and recently I got a
permission denied (reproducible when I restart autofs on the server I want
to connect to) from the Windows Domain. So here's what I tried:

1) Connected via PuTTY from a Windows Machine in the windows domain
     Kerberos-based login works but I get a "Permission Denied" on my home
directory; klist shows no tickets
No tickets at all? Not even an expired ticket?
Unfortunately no tickets.
Does running klist in cmd.exe show anything?
Yes, it does:
-bash-4.2$ klist
klist: Credentials cache keyring 'persistent:1073895519:1073895519' not found

And again... If I connect from my linux machine (within the ipa domain), tickets are there:

-bash-4.2$ klist
Ticket cache: KEYRING:persistent:1073895519:1073895519
Default principal: myu...@mywindowdomain.at

Valid starting       Expires              Service principal
2017-05-16 11:29:04 2017-05-16 15:43:45 nfs/ipanfs.myipadomain...@myipadomain.at 2017-05-16 11:25:09 2017-05-16 15:43:45 krbtgt/mywindowdomain...@mywindowdomain.at
    renew until 2017-05-16 15:43:45

From this point on login from windows (AD domain) does - of course - work.

Any ideas how to bring some light into this?

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to