On 2017-05-15 21:27, Jakub Hrozek wrote:
[...]
On Mon, May 15, 2017 at 03:54:22PM +0200, Ronald Wimmer wrote:
Hi,
I am confronted with a behaviour for which I do not have an explanation for.
I am using NFS4 Kerberos automounted homeshares and and recently I got a
permission denied (reproducible when I restart autofs on the server I want
to connect to) from the Windows Domain. So here's what I tried:
1) Connected via PuTTY from a Windows Machine in the windows domain
Kerberos-based login works but I get a "Permission Denied" on my home
directory; klist shows no tickets
No tickets at all? Not even an expired ticket?
Unfortunately no tickets.
Does running klist in cmd.exe show anything?
Yes, it does:
-bash-4.2$ klist
klist: Credentials cache keyring 'persistent:1073895519:1073895519' not
found
And again... If I connect from my linux machine (within the ipa domain),
tickets are there:
-bash-4.2$ klist
Ticket cache: KEYRING:persistent:1073895519:1073895519
Default principal: myu...@mywindowdomain.at
Valid starting Expires Service principal
2017-05-16 11:29:04 2017-05-16 15:43:45
nfs/ipanfs.myipadomain...@myipadomain.at
2017-05-16 11:25:09 2017-05-16 15:43:45
krbtgt/mywindowdomain...@mywindowdomain.at
renew until 2017-05-16 15:43:45
From this point on login from windows (AD domain) does - of course - work.
Any ideas how to bring some light into this?
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
