On Wed 28 Nov 2012 04:53:54 AM EST, Longina Przybyszewska wrote:
> Thanks. I finally got it working!! : Ubuntu-Quantal
> sssd+ad_provider+NFSv4 - :-)) but still have some issues:
> 1.
> Ticket expires after 10 hours - I run msktutil (application for joining linux to AD and
> adding principals to the account and some more)
> daily in crontab to prevent ticket expiration - maybe this is not necessary?
> Anyway, I end up having to manually reset machine's account and create a new keytab
> (it is inefficient, but haven't figured out yet another way)
> How does sssd renew tickets if machine was offline more than 10 hours?

This is wrong. You don't want to be replacing the keytab. The keytab
should not be expiring for weeks or months (or ever, if so configured).
What *is* expiring is the ticket-granting ticket (TGT). Instead of
using msktutil and replacing the keytab, you should be using 'kinit -k
-t /path/to/keytab <host_principal>' to reacquire the TGT.

> 2.
> To get rid of listing of tens of groups at login, I use the option:

What do you mean by "listing tens of groups"?

> ldap_group_member = uniqueMember
> It works during login (no more long list, and login delay), but doesn't work when
> changing personality with 'su -'
> (again long list of numbers+ login delay)

I have no idea what problem you are trying to solve here.
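
Added example (not part of the original thread): a cron-friendly shell function for the 'kinit -k -t' approach recommended in the reply above. It reacquires the TGT from the existing keytab only when the credential cache holds no valid ticket, and never touches the keytab itself. The keytab path and principal are passed as arguments; the KLIST/KINIT override variables and the return codes are this example's own conventions.

```shell
#!/bin/sh
# Added example: reacquire a host TGT from an existing keytab.
# KLIST/KINIT can be overridden (assumption of this example) to point at
# non-default binaries; by default the ones found in PATH are used.
KLIST=${KLIST:-klist}
KINIT=${KINIT:-kinit}

# tgt_state: print "valid" if the default credential cache holds an
# unexpired ticket, "missing" otherwise. 'klist -s' is silent and only
# reports through its exit status.
tgt_state() {
    if "$KLIST" -s 2>/dev/null; then
        echo valid
    else
        echo missing
    fi
}

# renew_host_tgt KEYTAB PRINCIPAL
# Returns 0 if a valid TGT already exists or was reacquired,
#         2 if the keytab cannot be read (wrong path or permissions),
#         3 if kinit failed (e.g. KDC unreachable, principal not in keytab).
renew_host_tgt() {
    keytab=$1
    principal=$2

    if [ ! -r "$keytab" ]; then
        echo "keytab not readable: $keytab" >&2
        return 2
    fi

    # Nothing to do while the cached TGT is still good.
    if [ "$(tgt_state)" = valid ]; then
        return 0
    fi

    # The keytab holds the long-term key; only the TGT is replaced here.
    if ! "$KINIT" -k -t "$keytab" "$principal"; then
        echo "kinit failed for $principal" >&2
        return 3
    fi
    return 0
}

# Stand-alone use: script.sh /path/to/keytab <host_principal>
if [ "$#" -eq 2 ]; then
    renew_host_tgt "$1" "$2"
fi
```

Run from cron at an interval shorter than the ticket lifetime; a machine that was offline simply gets a fresh TGT on the next run once the KDC is reachable.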