[Samba] winbind + ads: only works for 10 hours?

Jon Noack noackjr at alumni.rice.edu
Sat Mar 27 09:48:51 GMT 2004

On 3/26/2004 5:14 PM, Andrew Bartlett wrote:
> On Sat, 2004-03-27 at 08:42, Jon Noack wrote:
>> I run FreeBSD 5.2.1 and recently configured Samba 3.0.2a (from 
>> ports) for ADS using the FreeBSD-bundled krb5 (Heimdal 0.6, I 
>> believe) and OpenLDAP 2.1.28 (from ports).  It is setup to 
>> authenticate off a Windows 2000 Domain Controller and is primarily 
>> used to provide proxy authentication for Squid.  I will share more 
>> about my configuration if asked, but as it works flawlessly at 
>> first I think it's something minor.
>> Everything works quite well until 10 hours after winbindd was 
>> started. Then requests get denied.  I set up a cron job to 
>> demonstrate this.  The cron job just logs the time and the output 
>> of "wbinfo -t" every five minutes:
>> I suppose I could restart winbindd every 9 hours...
> Fixes for this are in the current CVS tree.  We now fetch a new
> ticket as the old ticket expires.

Thanks for the info.  I found bug #1208 (from 
http://cvs.samba.org/cgi-bin/cvsweb/samba/source/libads/kerberos.c) and 
will watch there for any further developments.

Am I correct in assuming these fixes will be in 3.0.3 (so I can get an 
idea of when I can put this into production)?

Thanks again,

More information about the samba mailing list