[Samba] Connection dropping every 24 hours from Windows Client.

Hans Rasmussen hans at sbsfor.com
Wed Dec 11 00:46:33 UTC 2019 

Hello

 

I have a problem with my Windows 10 drive connections dropping every 24
hours, very briefly.  It's enough to cause me to be unable to save my file,
or access a geodatabase.  I have followed much trouble shooting and I
believe that its due to the KDC Service ticket lifetime expiring, I have it
set for 24 hours in smb.conf.  

 

I have a Samba 4.9 DC and an Ubuntu 18.04 member file server where the
shares are running  4.7.6 and connected to the DC by Winbindd.  I notice
that when my 24 hours is up, smbstatus will show that I have a new PID.  The
files are unfortunately still being held open by the old PID and are no
longer accessible (I think.).

 

Here is the global part of my DC smb.conf

[global]

        workgroup = MYNET

        realm = mynet.mynet.com

        netbios name = MY_DC

        server role = active directory domain controller

        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate

        idmap_ldb:use rfc2307 = yes

        kdc:service ticket lifetime = 24

        kdc:user ticket lifetime = 360

        kdc:renewal lifetime = 1800

        dsdb:schema update allowed = true

        tls enabled  = yes

        tls keyfile  = tls/myKey.pem

        tls certfile = tls/myCert.pem

        tls cafile   =

        wins support = yes

        ldap server require strong auth = no

 

And here is the global part of my file server smb.conf

workgroup = MYNET

client signing = yes

client use spnego = yes

kerberos method = secrets and keytab

realm = MYNET.MYNET.COM

security = ads

vfs object = acl_xattr

map acl inherit = yes

hide unreadable = yes

winbind refresh tickets = Yes

idmap config * : backend = tdb

idmap config *:range = 50000-1000000

                winbind use default domain = true

                winbind offline logon = false

                 winbind nss info = rfc2307

                 winbind enum users = yes

                winbind enum groups = yes

                store dos attributes = yes

 

When I used to host the shares on the same DC, I never had this trouble.
When I had kdc:service ticket lifetime = 10, then the connections dropped
every 10 hours.  Do I just keep upping that number to something useful and
hope I don't get hacked, or is there something else I am missing.  To me, it
sounds a lot like this problem,
https://lists.samba.org/archive/samba/2014-March/179555.html

 

Thanks

More information about the samba mailing list