[Samba] Connection dropping every 24 hours from Windows Client.

Rowland penny rpenny at samba.org
Fri Jan 3 17:19:27 UTC 2020 

On 03/01/2020 16:25, Hans Rasmussen wrote:
> I changed my SMB.conf on the DC's and the member as per your instructions.  Now the connection dropped at 10 hours, which appears to be the default end time of the certificate.
>
> KLIST on a windows box returns.....
> Cached Tickets: (3)
>
> #0>     Client: hans @ MYNET.MYNET.COM
>          Server: krbtgt/ MYNET.MYNET.COM @ MYNET.MYNET.COM
>          KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
>          Ticket Flags 0x40e00000 -> forwardable renewable initial pre_authent
>          Start Time: 1/3/2020 7:59:07 (local)
>          End Time:   1/3/2020 17:59:07 (local)
>          Renew Time: 1/10/2020 7:59:07 (local)
>          Session Key Type: RSADSI RC4-HMAC(NT)
>          Cache Flags: 0x1 -> PRIMARY
>          Kdc Called: bobafett.mynet.mynet.com
>
> #1>     Client: hans @ MYNET.MYNET.COM
>          Server: LDAP/bigbird.mynet.mynet.com / mynet.mynet.com @ MYNET.MYNET.COM
>          KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
>          Ticket Flags 0x40ac0000 -> forwardable renewable pre_authent ok_as_delegate 0x80000
>          Start Time: 1/3/2020 7:59:08 (local)
>          End Time:   1/3/2020 17:59:07 (local)
>          Renew Time: 1/10/2020 7:59:07 (local)
>          Session Key Type: RSADSI RC4-HMAC(NT)
>          Cache Flags: 0
>          Kdc Called: bobafett.mynet.mynet.com
>
> #2>     Client: hans @ MYNET.MYNET.COM
>          Server: host/han.mynet.mynet.com @ MYNET.MYNET.COM
>          KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
>          Ticket Flags 0x40a80000 -> forwardable renewable pre_authent 0x80000
>          Start Time: 1/3/2020 7:59:07 (local)
>          End Time:   1/3/2020 17:59:07 (local)
>          Renew Time: 1/10/2020 7:59:07 (local)
>          Session Key Type: RSADSI RC4-HMAC(NT)
>          Cache Flags: 0
>          Kdc Called: bobafett mynet.mynet.com
>
> Where bigbird is my primary DC, bobafett and jabbathehut (not seen here) are my identical secondary dc's, and han is my windows 10 workstation.

First, you do not have a 'primary' DC and two 'secondary' DC's, you just 
have three AD DC's, all DC's are equal.

Please go here: 
https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh

Download the script and run it on all your Samba machines and then send 
the outputs to me. Lets see if everything is set up correctly, the Linux 
domain member I am typing this on has been up for over 8 days and has 
never dropped its ticket, winbind keeps it refreshed (I also have an rpi 
that has been up for 66 days).

Rowland

More information about the samba mailing list