We have a service on our windows system that drops files onto a samba share
every 10 minutes. This has worked fine, except after one week, the system will
fail. We usually restart samba and winbind on the linux side, and then restart
the service on the windows box to resolve the issue.
This week we decieded to let it fail, and after an hour it seemed to allow
connections to the samba share. Here is the log file of the failures:
172.19.6.60 (172.19.6.60) closed connection to service lorian
[2010/06/21 09:40:03, 1] smbd/sesssetup.c:342(reply_spnego_kerberos)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
This repeats every minute until 10:33 am, when the service was able to
reconnect to the share.
Is there a reason why this would fail every week at the same time? Do these
settings have anything to do with the issue?
Default: idmap cache time = 604800 (one week)
Default: machine password timeout = 604800
For the machine password timeout, is it necessary for it to update this often.
Can it be set to only attempt once per year, longer?
One other question, is it possible to see the data contained in secrets.tdb?
The modified time of this file always lets us know that the share failure is
imminent. For example, file date was 6/21/10 9:36 am, first connection after
that time was 9:40 am and it failed.
Any assistance would be appreciated.
PDC: windows 2008 R2
Samba: 3.4.7 on ubuntu 10.4
Testparm:
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
workgroup = test
realm = TEST.LOCAL
server string = %h server (Samba, Ubuntu)
security = ADS
map to guest = Bad User
obey pam restrictions = Yes
password server = pdc21.test.local
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
domain master = No
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap uid = 500-10000000
idmap gid = 500-10000000
template shell = /bin/bash
winbind refresh tickets = Yes
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
browseable = No
browsable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
