First, I'm sorry if this mail is not helpful enough; I'm really just replying to the part I'm familiar with.

On Mon, May 15, 2017 at 03:54:22PM +0200, Ronald Wimmer wrote:
> Hi,
>
> I am confronted with a behaviour for which I do not have an explanation.
>
> I am using NFS4 Kerberos automounted homeshares and recently I got a
> permission denied (reproducible when I restart autofs on the server I want
> to connect to) from the Windows Domain. So here's what I tried:
>
> 1) Connected via PuTTY from a Windows Machine in the windows domain
> Kerberos-based login works but I get a "Permission Denied" on my home
> directory; klist shows no tickets

No tickets at all? Not even an expired ticket? Does running klist in cmd.exe show anything?

>
> 2) I try to connect from a Linux machine belonging to the IPA domain
> Kerberos-based login works, I can also access my home directory;
> klist shows nfs/[email protected] and the krbtgt for the
> windows domain
>
> 3) Now - of course - using the homeshares works from both domains windows
> and ipa
>
> 4) When I do a kdestroy on the machine, using the homeshare when logged in
> from windows still works -
> My question is WHY? Does SSSD cache the NFS ticket?

It does not. The only code in SSSD that caches anything Kerberos-related is the KRB5CCNAME variable value.

> (and why don't I get an nfs ticket when coming from the windows domain?)
