Is the NFS kerberized? We are seeing a similar issue but on Ubuntu bionic with sssd 1.16.1 (we suspect similar behavior as far back as 1.12.5 on Ubuntu trusty). When the Kerberos ticket expires, nfs access is denied. Unable to determine why sssd is not renewing the ticket. In our case, the ticket is obtained by ssh. If you use kinit, then sssd won't renew it (because it doesn't know about it). The logs for our situation have lots of data that I cannot adequately scrub to sent offsite for help.
-----Original Message----- From: Peter Tulpen <[email protected]> Sent: Friday, August 16, 2019 1:15 AM To: End-user discussions about the System Security Services Daemon <[email protected]> Subject: [SSSD-users] Re: issues with renewal of service tickets EXTERNAL MAIL: [email protected] The application is a self written python script, but the access is via nfs so I think the application responsible for this should be the nfsclient --- Ursprüngliche Nachricht --- Von: Sumit Bose <[email protected]> Datum: 15.08.2019 17:26:05 An: [email protected] Betreff: [SSSD-users] Re: issues with renewal of service tickets > On Thu, Aug 15, 2019 at 03:27:27PM +0200, Peter Tulpen wrote: > > Hello, > > we have some issues with long running batch jobs on centos machines > (centos 7, > > sssd 1.16.2 ). > > After the 10 hours the service ticket runs out, we have a access denied > error, > > but the next requests work. > > We broke it down to the issue that the service ticket is not renewed > ahead of > > expiration. > > Hi, > > what kind of service/application is this? If I understand it correctly > as long as there is a valid TGT the application should just ask for a > new service ticket. > > bye, > Sumit > > > What I found was options like krb5_renewable_lifetime and > > krb5_renew_interval, > > > but they all seem to refer to TGT, not the service ticket. > > Is there a way to watch and renew service tickets as well? > > > > > > ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ > > > > > Versendet mit Emailn.de - Freemail > > > > * Unbegrenzt Speicherplatz > > * Eigenes Online-Büro > > * 24h besten Mailempfang > > * Spamschutz, Adressbuch > > > > > _______________________________________________ > > sssd-users mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > > List Archives: > > https://lists.fedorahosted.org/archives/list/[email protected] > > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
