[Samba] samba 3.0.0 - winbind kerbros tickets expired

[thk4711 at web.de]

Hi everyone!

I have set up a SAMBA 3.0.0 Server on SLES8. The Server is a member of a W2K domain. The users are mapped with winbind. Everything is working fine – but only for 10 hours. Now I found out that the standard ticket lifetime for Kerberos tickets in windows is 10hours. In the samba log there are lines like:

user ‘testuser’ does not exist.

I think when the tickers are expired they are not renewed.

When I restart smbd and winbindd everything is working for another 10 hours.

I wrote a perl script that detects this and restarts the servers but I would prefer not to use this script.

The Kerberos version I use is: heimdal-0.4e-207

my /etc/krb5.conf:

[libdefaults]
 default_realm = SRV.DOMAIN.DE
 default_etypes     = des-cbc-crc des-cbc-md5
 default_etypes_des = des-cbc-crc des-cbc-md5

 dns_lookup_realm = false
 dns_lookup_kdc = true

[realms]
SRV.DOMAIN.DE = {
kdc = 193.16.226.81
default_domain = srv.domain.de
}

[domain_realm]
.srv.domain.de = SRV.DOMAIN.DE
srv.domain.de = SRV.DOMAIN.DE

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

my /etc/samba/smb.conf :

 [global]
        unix charset = ISO8859-1
        display charset = ISO8859-1
        workgroup = SRV
        realm = SRV.DOMAIN.DE
        security = ADS
        password server = 192.168.226.81
        syslog = 0
        log file = /var/log/samba.log
        local master = No
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind separator = +

Is there anyone who can help me ?

______________________________________________________________________________
Nachrichten, Musik und Spiele schnell und einfach per Quickstart im 
WEB.DE Screensaver - Gratis downloaden: http://screensaver.web.de/?mc=021110