Jamf Nation Community

swaroopmj · ‎02-19-2016

I have a scenario where Kerberos is not working as desired. An User is working with a valid kerberos ticket and end of the day s/he closes the laptop instead of log off or shutdown. When the user enters the password and tries to mount a smb share or use a browser if the ticket is expired, it doesn't generate a new ticket.

Is there a way to generate kerberos ticket when it is expired without the user doing it manually?

bentoms · ‎02-20-2016

@swaroopmj typically a VPN connection will not create a Kerberos ticket.

KerbMinder might help.

View solution in original post

jrserapio · ‎02-19-2016

So far the easiest way I've found is to have the user start screen saver and unlock the screensaver. This will grant you your Kerberos tgt.

This however requires you to be connected to your network, be bound to AD, and have a password protected screensaver.

Connecting to VPN should also grant you a tgt iirc.

Curious to see what else is out there.

swaroopmj · ‎02-19-2016

In my test, I did connect to VPN before trying to mount my share. It prompted for my AD password. I was also under the impression, connecting to VPN will generate a ticket, but it didn't.

bentoms · ‎02-20-2016

@swaroopmj typically a VPN connection will not create a Kerberos ticket.

KerbMinder might help.

Sachin_Parmar · ‎02-20-2016

+1 for KerbMinder, especially with @bentoms forked ADPassMon works brilliantly!

dprakash · ‎02-22-2016

we had this exact problem with our old Sophos Proxy, KerbMinder alleviated most of those problems.

Before that we were just refreshing the ticket from Ticket Viewer which is in Applications>Utilities>Ticket Viewer.

flyboy · ‎02-23-2016

Talk to your Apple rep about Enterprise Connect. It will take care of this.

Jamf Nation Community

Kerberos ticket renewal after expiration