[Samba] Connection dropping every 24 hours from Windows Client.

hans hans at sbsfor.com
Thu Jan 2 17:45:12 UTC 2020


I posted the following a month ago but have only managed to get to fixing on this over the holidays.  Rowland mentions that I needed to add my domain info, it’s now included and I still have the same issue.

Thanks and Happy New YearOld post begins below with edits
Hello
 
I have a problem with my Windows 10 drive connections dropping every 24
hours, very briefly.  It's enough to cause me to be unable to save my file,
or access a geodatabase.  I have followed much trouble shooting and I
believe that its due to the KDC Service ticket lifetime expiring, I have it
set for 24 hours in smb.conf. 

I have a Samba 4.9 DC and an Ubuntu 18.04 member file server where the
shares are running  4.7.6 and connected to the DC by Winbindd.  I notice
that when my 24 hours is up, smbstatus will show that I have a new PID.  The
files are unfortunately still being held open by the old PID and are no
longer accessible (I think.).

Here is the global part of my DC smb.conf
[global]
        workgroup = MYNET
        realm = mynet.mynet.com
        netbios name = MY_DC
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate
        idmap_ldb:use rfc2307 = yes
        kdc:service ticket lifetime = 24
        kdc:user ticket lifetime = 360
        kdc:renewal lifetime = 1800
        dsdb:schema update allowed = true
        tls enabled  = yes
        tls keyfile  = tls/myKey.pem
        tls certfile = tls/myCert.pem
        tls cafile   =
        wins support = yes
        ldap server require strong auth = no
 
And here is the global part of my file server smb.conf

workgroup = MYNET
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
realm = MYNET.MYNET.COM
security = ads
vfs object = acl_xattr
map acl inherit = yes
hide unreadable = yes
winbind refresh tickets = Yes
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config MYNET : backend = rid     çadded as per Rowland
idmap config MYNET : range = 50000-1000000  ç added as per Rowland


                winbind use default domain = true
                winbind offline logon = false
                 winbind nss info = rfc2307
                 winbind enum users = yes
                winbind enum groups = yes
                store dos attributes = yes
 
When I used to host the shares on the same DC, I never had this trouble.
When I had kdc:service ticket lifetime = 10, then the connections dropped
every 10 hours.  Do I just keep upping that number to something useful and
hope I don't get hacked, or is there something else I am missing.  To me, it
sounds a lot like this problem,
https://lists.samba.org/archive/samba/2014-March/179555.html

Thanks
 


More information about the samba mailing list