Ok. i got it. I had to change the parameter for: krb5_ccache_type = FILE
now the users get a "cached" ticket at login. COOL :) but when the automount daemon tries to mount their home it fails: Apr 2 16:41:09 rhel4wbtest2 rpc.gssd[1793]: WARNING: Failed to create krb5 context for user with uid 82967 for server ds-san-02.vegagroup.net Apr 2 16:41:12 rhel4wbtest2 rpc.gssd[1793]: rpcsec_gss: gss_init_sec_context: (major) Miscellaneous failure - (minor) No credentials found with supported encryption types Cheers, Oli -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oliver Weinmann Sent: 02 April 2008 16:31 To: Gerald (Jerry) Carter Cc: [email protected] Subject: RE: [Samba] Urgent... winbind and keytab file creation Sounds cool. i made the changes. When i login as an ad user i don't get a ticket? Is there anything else i need to set? Cheers -----Original Message----- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: 02 April 2008 16:08 To: Oliver Weinmann Cc: [email protected] Subject: Re: [Samba] Urgent... winbind and keytab file creation -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oliver Weinmann wrote: > how? when i use pam_winbind to login and automount to mount a users > home with kerberos security i dont get a TGT at login. So this doesn't > seem to work with pam_winbind or? Install examples/pam_winbind/pam_winbind.conf to /etc/security/ and enable the krb5_auth option. Also set "winbind refresh tickets = yes" in smb.conf. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH85NJIR7qMdg1EfYRArVHAJ4sn70tRJV6uM7coc9id1CjgUMlHQCfcJ7k XPb8CJDfP62ida5MuNjbEn4= =/0bH -----END PGP SIGNATURE----- ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
