[Samba] KDC Disconnected.

Meli Marco Marco.Meli at gknsintermetals.com
Wed May 11 08:38:50 GMT 2005 

Hi,
I'm working with samba 3.0.13-1, krb5...1.2.7-10 and following parameters
settings:

/etc/krb5.conf:
[logging]
 default = FILE:/var/log/krb5libs.log <FILE:/var/log/krb5libs.log> 
 kdc = FILE:/var/log/krb5kdc.log <FILE:/var/log/krb5kdc.log> 
 admin_server = FILE:/var/log/kadmind.log <FILE:/var/log/kadmind.log> 

[libdefaults]
 ticket_lifetime = 24000
 default_realm = REALM.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 REALM.COM = {
  kdc = KDC.REALM.COM
 }

[domain_realm]
 .realm.com = REALM.COM
 realm.com = REALM.COM

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

/etc/samba/smb.conf:

[global]
        netbios name = NETBIOSNAME
        os level = 16
        wins server = xx.xx.xx.xx
        socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
        workgroup = DOMAIN
        realm = REALM.COM
        security = ADS
        password server = kdc.realm.com
        encrypt passwords = yes
        allow trusted domains = Yes
        winbind use default domain = Yes
        winbind separator = /
        winbind enum users = Yes
        winbind enum groups = Yes
        idmap uid = 10000-40000
        idmap gid = 10000-40000
        template homedir = /data/user/%U
        template shell = /bin/false
        use sendfile = Yes
        printer admin = xxx
        admin users = xxx
        log file = /var/spool/samba/log.%m
        log level = 1 auth:10 sam:10
        max log size = 50
        printcap name = cups
        disable spoolss = No
        show add printer wizard = Yes
        printing = cups
        load printers = yes
        map acl inherit = yes

Sometimes if something wrong and my users are get off the samba share I run
wbinfo --sequence and it return me a complete domains list with NT and AD
domains with AD "domains" = DISCONNECT.
In this case I can't retrieve account information by Kdc with wbinfo -u but
it show me only NT domain accounts.
I can restart the winbind service and smb without benefits the only way is
to join the samba box to AD again and after it works as before.
So , Why sometimes it happens? And what can I do to reconnect it again
automatically.
Probably something with kerberos?
Thanks.
Marco.

More information about the samba mailing list