We are integrating Linux machines into our Active Directory infrastructure. It works quite fine, users are logging in with their AD-credentials, and get access to cifs-network-shares via PAM-mount. However, if we are running some lengthy script accessing cifs ressources, the Kerberos tickets time out on us
OSError: [Errno 126] Required key not available:
I think we have tried to avoid this in our sssd configuration (we are on Ubuntu 22.04):
[sssd]
domains = xxx.local
config_file_version = 2
services = nss, pam
[domain/xxx.local]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = XXX.LOCAL
realmd_tags = manages-system joined-with-adcli
id_provider = ad
override_homedir = /home/%u
ad_domain = xxx.local
simple_allow_users = me@xxx.local
use_fully_qualified_names = False
ldap_id_mapping = True
access_provider = simple
auto_private_groups = true
krb5_renewable_lifetime = 1d
krb5_renew_interval = 1h
klist shows this:
Ticket cache: FILE:/tmp/krb5cc_1324623095_R1z9ly
Default principal: me@XXX.LOCAL
Valid starting Expires Service principal
09/18/2022 17:30:15 09/19/2022 03:30:15 krbtgt/XXX.LOCAL@XXX.LOCAL
renew until 09/19/2022 17:30:10
09/18/2022 17:37:50 09/19/2022 03:30:15 cifs/nas1.xxx.local@XXX.LOCAL
renew until 09/19/2022 17:30:10
What am I missing?
