Ok. i got it. I had to change the parameter for:

krb5_ccache_type =3D FILE

now the users get a "cached" ticket at login. COOL

but when the automount daemon tries to mount their home it fails:

Apr 2 16:41:09 rhel4wbtest2 rpc.gssd[1793]: WARNING: Failed to create
krb5 context for user with uid 82967 for server ds-san-02.vegagroup.net
Apr 2 16:41:12 rhel4wbtest2 rpc.gssd[1793]: rpcsec_gss:
gss_init_sec_context: (major) Miscellaneous failure - (minor) No
credentials found with supported encryption types

Cheers,
Oli
-----Original Message-----
From: samba-bounces+oliver.weinmann=3Dvega.de@lists.samba.org
[mailto:samba-bounces+oliver.weinmann=3Dvega.de@lists.samba.org] On =
Behalf
Of Oliver Weinmann
Sent: 02 April 2008 16:31
To: Gerald (Jerry) Carter
Cc: samba@lists.samba.org
Subject: RE: [Samba] Urgent... winbind and keytab file creation

Sounds cool.

i made the changes. When i login as an ad user i don't get a ticket? Is
there anything else i need to set?

Cheers =20

-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry@samba.org]
Sent: 02 April 2008 16:08
To: Oliver Weinmann
Cc: samba@lists.samba.org
Subject: Re: [Samba] Urgent... winbind and keytab file creation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oliver Weinmann wrote:
> how? when i use pam_winbind to login and automount to mount a users=20
> home with kerberos security i dont get a TGT at login. So this doesn't


> seem to work with pam_winbind or?


Install examples/pam_winbind/pam_winbind.conf to /etc/security/ and
enable the krb5_auth option.

Also set "winbind refresh tickets =3D yes" in smb.conf.





cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH85NJIR7qMdg1EfYRArVHAJ4sn70tRJV6uM7coc9id1 CjgUMlHQCfcJ7k
XPb8CJDfP62ida5MuNjbEn4=3D
=3D/0bH
-----END PGP SIGNATURE-----

__________________________________________________ ____________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__________________________________________________ ____________________
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

__________________________________________________ ____________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__________________________________________________ ____________________
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba