[Samba] ADS auth client disconnects when ads_cleanup_expired_creds runs
Mark Adams
mark at campbell-lange.net
Thu Nov 25 10:56:16 MST 2010
Hi All,
Debian Lenny, with Samba 3.4.8~dfsg-2~bpo50+1 (backports)
I'm having an issue where 1 or 2 random clients out of 100 seem to be
disconnected from a samba print server and not allowed to reconnect
until they log off and back on to their machines. It is not always the
same clients. I have a Samba fileserver running on another machine with
virtually identical config that does not have this issue.
This happens pretty quickly after the ads_cleanup_expired creds log:
---------------
[2010/11/25 15:15:01, 3] libsmb/clikrb5.c:620(ads_cleanup_expired_creds)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Fri, 26 Nov 2010 01:14:44 GMT
---------------
In the specific client logs after this occurs I get the following:
---------------
[2010/11/25 15:17:15, 0] lib/util_sock.c:738(write_data)
[2010/11/25 15:17:15, 0] lib/util_sock.c:1491(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
write_data: write failure in writing to client 0.0.0.0. Error
Connection reset by peer
[2010/11/25 15:17:15, 0] smbd/process.c:62(srv_send_smb)
Error writing 4 bytes to client. -1. (Transport endpoint is not
connected)
[2010/11/25 15:17:15, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/11/25 15:17:15, 3] smbd/connection.c:31(yield_connection)
Yielding connection to
[2010/11/25 15:17:15, 3] smbd/connection.c:42(yield_connection)
deleting connection record returned NT_STATUS_NOT_FOUND
[2010/11/25 15:17:15, 3] smbd/server.c:849(exit_server_common)
Server exit (failed to receive smb request)
[2010/11/25 15:18:35, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/11/25 15:18:35, 3] smbd/connection.c:31(yield_connection)
Yielding connection to
[2010/11/25 15:18:35, 3] smbd/connection.c:42(yield_connection)
deleting connection record returned NT_STATUS_NOT_FOUND
[2010/11/25 15:18:35, 3] smbd/server.c:849(exit_server_common)
Server exit (failed to receive smb request)
---------------
It doesn't occur everytime the cleanup is run (which seems to be every
15 minutes), but does happen once or twice a day.
It doesn't seem to be something wrong with my samba config, because it
works 99% of the time. But please find it below and advise if anything
might be causing this.
---------------
[global]
security = ads
workgroup = DOMAIN
realm = DOMAIN.LOCAL
password server = dc1.domain.local, dc2.domain.local
encrypt passwords = yes
server string = domainprint
netbios name = domainprint
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind offline logon = yes
enhanced browsing = no
template shell = /bin/false
veto files = /TheVolumeSettingsFolder/, /Temporary Items/, /*DS_Store*/,
/*AppleDB/, /*AppleDesktop/, /*AppleDouble/, /Network Trash Folder/,
* /*Trashes/, /*TemporaryItems/, /*FBCLockFolder/, /*FBCIndex/
delete veto files = yes
create mask = 0775
directory mask = 2775
invalid users = root
panic action = /usr/share/samba/panic-action %d
log file = /var/log/samba/log.%m
log level = 3
socket options = TCP_NODELAY
printing = cups
printcap = cups
#load printers = yes
printer admin = @DOMAIN\itdept
follow symlinks=yes
-----------------
Is it possible to change the ticket expiration time? or is there a
Windows setting on the Domain controller than needs to be changed?
(Windows server standard 2008 R2).
Any help appreciated, Please advise if I need to post any other details.
Thanks,
Mark
More information about the samba
mailing list