[Samba] Problem with Winbind and Windows Clients
L.P.H. van Belle
belle at bazuin.nl
Fri Mar 11 08:01:10 UTC 2016
Please Post your member smb.conf.
But probely your missing.
winbind refresh tickets = yes
and/or
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Oliver Werner
> Verzonden: vrijdag 11 maart 2016 8:55
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Problem with Winbind and Windows Clients
>
> Hi,
>
> i have a permanent problem with my samba members. there lost after some
> times his connections to DCs and i need to restart winbind.
>
> Also same problem with winds client that running 24x7. After few days i
> can not logged in.
>
> i think thats a problem with kerberos tickets.
>
> i have checks samba logs and found that samba member and windows client
> ask for new tickets and get new expiration.
>
> in my DCs i have set
>
> kdc:service ticket lifetime = 1
> kdc:user ticket lifetime = 24
> kdc:renewal lifetime = 120
>
> and Master krb5.conf looks
>
> [libdefaults]
> default_realm = HQ.KONTRAST
> dns_lookup_realm = false
> dns_lookup_kdc = true
> ticket_lifetime = 1d
> renew_lifetime = 5d
>
> [realms]
> HQ.KONTRAST = {
> kdc = vl0227.hq.kontrast
> kdc = vl0230.hq.kontrast
> kdc = pl0231.hq.kontrast
> master_kdc = vl0227.hq.kontrast
> admin_server = vl0227.hq.kontrast
> }
>
> [domain_realm]
> .hq.kontrast = HQ.KONTRAST
> hq.kontrast = HQ.KONTRAST
>
> [logging]
> kdc = SYSLOG:INFO:DAEMON
> admin_server = FILE:/var/log/kadmind.log
>
>
> So what i saw was GPOs are default empty. i need for winbind configure
> Kerberos Policy?
>
> kind regards
> OLIVER WERNER
> System-Administrator
>
>
>
>
>
> Kontrast Communication Services GmbH
> Grafenberger Allee 100, 40237 Düsseldorf, Germany
>
> Fon +49-211-91505-500
> Fax +49-211-91505-530
> www.kontrast.de <http://www.kontrast.de/>
>
> Amtsgericht Düsseldorf: HRB 26934
> Geschäftsführer: Joachim Fischer, Anja Grote-Lutter, Leontine van der
> Vlist
>
> <https://www.facebook.com/kontrast.communication>
> <https://twitter.com/KONTRAST_de>
> <http://www.xing.com/companies/kontrastcommunicationservicesgmbh>
> <http://www.linkedin.com/company/kontrast-communication-services-gmbh>
> <https://vimeo.com/kontrastcs> <http://instagram.com/kontrast_de>
>
> Note: The information contained in this message may be privileged and
> confidential and protected from disclosure. If the reader of this message
> is not the intended recipient, or an employee or agent responsible for
> delivering this message to the intended recipient, you are hereby notified
> that any dissemination, distribution or copying of this communication is
> strictly prohibited. If you have received this communication in error,
> please notify us immediately by replying to the message and deleting it
> from your computer.
>
> Please consider the environment and only print this if required.
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list