On Sat, 2004-03-27 at 08:42, Jon Noack wrote:I run FreeBSD 5.2.1 and recently configured Samba 3.0.2a (from ports) for ADS using the FreeBSD-bundled krb5 (Heimdal 0.6, I believe) and OpenLDAP 2.1.28 (from ports). It is setup to authenticate off a Windows 2000 Domain Controller and is primarily used to provide proxy authentication for Squid. I will share more about my configuration if asked, but as it works flawlessly at first I think it's something minor.
Everything works quite well until 10 hours after winbindd was started. Then requests get denied. I set up a cron job to demonstrate this. The cron job just logs the time and the output of "wbinfo -t" every five minutes:
I suppose I could restart winbindd every 9 hours...
Fixes for this are in the current CVS tree. We now fetch a new ticket as the old ticket expires.
Andrew,
Thanks for the info. I found bug #1208 (from http://cvs.samba.org/cgi-bin/cvsweb/samba/source/libads/kerberos.c) and will watch there for any further developments.
Am I correct in assuming these fixes will be in 3.0.3 (so I can get an idea of when I can put this into production)?
Thanks again, Jon
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
