On Wed 28 Nov 2012 04:53:54 AM EST, Longina Przybyszewska wrote:
Thanks. I get it finally working!! : Ubuntu-Quantal sssd+ad_provider+NFSv4 - :-)) but still have some issues: 1. Ticket expires after 10 hours - I run msktutil (application for joining linux to AD and adding principals to the account and some more) daily in crontab to prevent ticket expiration - maybe this is not necessary? Anyway, I ends having to manually reset machine's account and create a new keytab ( it is inefficient, but haven't figured out yet another way) How does sssd renew tickets if machine was offline more then 10 hours?
This is wrong. You don't want to be replacing the keytab. The keytab should not be expiring for weeks or months (or ever, if so configured). What *is* expiring is the ticket-granting ticket (TGT). Instead of using msktutil and replacing the keytab, you should be using 'kinit -k -t /path/to/keytab <host_principal>' to reacquire the TGT.
2. To get rid off listing of tens of group at login, I use the option:
What do you mean by "listing tens of group"?
ldap_group_member = uniqueMember It works during login (no more long list, and login delay), but doesn't work when changing personality with 'su -' (again long list of numbers+ login delay)
I have no idea what problem you are trying to solve here. _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
