Kerberos user ticket policy, How do Real Admin set it

Status
Not open for further replies.

APOC9109

IS-IT--Management
Mar 7, 2006
48
US
I was told that the reason some of my users cannot access resources if they have been logged on more than 8 hours may be because my Kerberos policy setting for "lifetime of a user ticket" is set for 8 hours. Is this true?
But then there is another policy for ticket renewal set to 7 days. This confuses me, they need to wait 7 days to renew??

If someone knowledgeable could help explain some common REAL settings of the policies I would be greatly appreciative. Thanks
 
Um... Real admins don't mess with those settings unless directed to do so by Microsoft. The settings that are in the Default Domain Policy GPO object are correct for 99.99% of organizations out there. I would say that you have some other issue going on like replication failures or problems with the Key Distribution Center (KDC) service on your domain controllers. Are you getting any error events in the logs of your domain controllers?

Workstations and users should automatically request new Kerberos tickets in a timely manner. Are the client systems unable to get new tickets?

Oh... and one other thing... Do you have logon hours restricted for your users?

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers"
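
To check whether clients are actually getting and renewing tickets, as the reply asks, the cached tickets can be read off the workstation. The following is an added example, not part of either post: it parses a constructed sample modeled on Windows `klist` output (the user, hosts and times are made up) and applies the standard Kerberos renewal rule, in which the renewal time is the latest end time any renewal can reach rather than a waiting period.

```python
import re
from datetime import datetime

# Constructed sample modeled on Windows `klist` output (names and times are made up).
# Policy assumed: 8-hour user ticket lifetime, 7-day renewal lifetime, as in the question.
SAMPLE_KLIST = """\
#0>     Client: jdoe @ EXAMPLE.LOCAL
        Server: krbtgt/EXAMPLE.LOCAL @ EXAMPLE.LOCAL
        Start Time: 3/6/2006 8:00:00 (local)
        End Time:   3/6/2006 16:00:00 (local)
        Renew Time: 3/13/2006 8:00:00 (local)

#1>     Client: jdoe @ EXAMPLE.LOCAL
        Server: cifs/files01.example.local @ EXAMPLE.LOCAL
        Start Time: 3/6/2006 9:30:00 (local)
        End Time:   3/6/2006 16:00:00 (local)
        Renew Time: 3/13/2006 8:00:00 (local)
"""

FIELD = re.compile(r"^\s*(?:#\d+>\s*)?(Client|Server|Start Time|End Time|Renew Time):"
                   r"\s*(.+?)\s*(?:\(local\))?\s*$")

def parse_tickets(text):
    """Return one dict per cached ticket, with the three time fields as datetimes."""
    tickets = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, val = m.groups()
        if key == "Client":          # a Client line opens a new ticket entry
            tickets.append({})
        if not tickets:
            continue
        if key.endswith("Time"):
            val = datetime.strptime(val, "%m/%d/%Y %H:%M:%S")
        tickets[-1][key] = val
    return tickets

def renewed_end(ticket, now):
    """End time a renewal at `now` would give, or None when renewal is impossible."""
    if "Renew Time" not in ticket or not ticket["Start Time"] <= now < ticket["End Time"]:
        return None                  # an expired ticket cannot be renewed, only replaced
    lifetime = ticket["End Time"] - ticket["Start Time"]
    return min(now + lifetime, ticket["Renew Time"])   # renew-till caps every renewal

if __name__ == "__main__":
    now = datetime(2006, 3, 6, 15, 0)
    for t in parse_tickets(SAMPLE_KLIST):
        print(t["Server"], "->", renewed_end(t, now))
```

A `None` result for a ticket whose end time has passed means the client has to obtain a fresh ticket from the KDC, which is where the replication, KDC service and logon-hours checks in the reply come in.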
 