[Samba] Samba 4 - disconnection after 10 hours (Solved)

Thu Mar 13 02:56:20 MDT 2014

Hi X-D

glad you found my wiki page useful, Andrew pointed me at these when I had a
similar issue with unix clients

the issue with win clients is that they need to have the screen locked
regularly to renew the tokens
windows does behave correctly in letting the tokens expire unless the user
takes a measure to renew it.

--

Damien Dye
 IT Manager
 *Sondrel Ltd*
 Sondrel House, Theale Lakes Business Park
Moulden Way, Sulhamstead, Berkshire, RG7 4GB, UK

Tel: +44(0)118 9838 550
www.sondrel.com

 [image: Sondrel] <http://www.sondrel.com/>

This e-mail and any attachments may be confidential or legally privileged.
If you are not the intended recipient, you should destroy the e-mail
message and any attachments, and inform us of the erroneous delivery by
return e-mail. You are prohibited from retaining, distributing, disclosing
or using any information contained herein. Internet communications cannot
be guaranteed to be timely, secure, error or virus-free. Sondrel Ltd and
the sender do not accept liability for any errors or omissions, nor do we
accept liability for the content of this email, or for the consequences of
any actions taken on the basis of the information provided, unless that
information is consequently confirmed in writing under the personal
signature of a duly authorised officer of Sondrel Ltd.

This email is sent on behalf of Sondrel Ltd registered in England with
number 4491953, registered office Sondrel House, Theale Lakes Business
Park, Moulden Way, Sulhamstead, Berkshire, RG7 4GB, UK.

On 12 March 2014 16:41, X-Dimension <x-dimension at gmx.net> wrote:

> Am 10.03.2014 17:38, schrieb X-Dimension:
>
>> Am 08.03.2014 13:27, schrieb X-Dimension:
>>
>>> Am 27.02.2014 21:08, schrieb X-Dimension:
>>>
>>>> We have a strange problem since we are using Samba 4.
>>>> On our domain controller (Samba 4.1.4) we have a share called
>>>> "programs" where we have installed
>>>> all programs that our employees need.
>>>> When a domain user (Windows 7 client) is connected round about 10 hours
>>>>  to our Samba DC,
>>>> all open programs that are installed on the "programs" share seems to
>>>> get lost the connection to
>>>> the server and so they crash. We can only close these applications by
>>>> killing them with the Windows task manager.
>>>> After this we can start all of these programs without a problem and
>>>> there are working fine again.
>>>> It looks like Samba kills the connection after 10 hours although the
>>>> programs are still in use.
>>>>
>>>> Does anybody has the same problem, or knows what goes wrong here?
>>>>
>>>> Thx for help!
>>>>
>>>
>>> I wonder if nobody else seems to have this problem.
>>> I can reproduce this every time here, even after updating to Samba 4.1.5
>>>
>>> Steps to reproduce are:
>>>
>>> 1. Install Samba 4 as Active Directory Domain Controller
>>> 2. Create a share (call it "Programs" for example)
>>> 3. Join the domain with a Windows 7 client and install some programs to
>>> the "Programs" share
>>> 4. Open some of these programs on the Windows 7 client computer
>>> -> smbstatus on the Samba server should now show many open files for
>>> these programs
>>> 5. Leave the programs open on the Windows client and wait around 9 till
>>> 10 hours
>>> 6. After 9 till 10 hours run smbstatus again on the Samba server and it
>>> shows no open files anymore
>>> and all the open programs on the Windows client should not work or crash
>>> now when you click on a menu item
>>> in it or something like that.
>>>
>>> Can anybody confirm this?
>>>
>>> Thx
>>>
>> I have done a few tests over the weekend and the disconnection always
>> occurs exactly after 10 hours!
>> So i searched for SMB/CIFS timeouts on Google and found that the Kerberos
>> ticket timeout is
>> also 10 hours by default.
>>
>> Is it possible that the Kerberos ticket timeout is the reason for my
>> disconnection problem?
>> Maybe there is a problem with Kerberos ticket renewal on the client or
>> server side?
>>
>> I also found this bug, that sounds similar
>> https://bugzilla.samba.org/show_bug.cgi?id=9098#c4
>>
>> How can i check if Kerberos ticket renewal works on our system or not?
>>
>> Thx
>>
>>  I solved my problem now and the default Kerberos ticket lifetime was
> indeed the reason for the disconnection after 10 hours!
>
> The Samba wiki helped me a lot: https://wiki.samba.org/index.
> php/Samba_KDC_Settings
>
> After adding these lines to smb.conf everything works fine now:
>
> kdc:service ticket lifetime = 24
> kdc:user ticket lifetime = 24
> kdc:renewal lifetime = 120
>
> But i have still one question. Why does our Windows 7 clients don't renew
> the tickets automatically
> before the ticket lifetime exceeds?
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>