[Samba] Kerberos ticket expiry and share disconnect

[Peter Milesson]

Hi folks,

When starting to work on a Linux domain member PC early in the morning, 
and continuing for more than 10 hours, mounted shares disconnect 10 
hours after logging first logging in. It seems the kerberos expiry time 
of 10 hours is responsible for this behavior. It's really quite 
frustrating that documents just disappear in front of your eyes when 
this happens. Those problems have been reported numerous times in this 
list through the years.

Setting the default domain policies on the Samba AD DC with Microsoft 
ADUC (Default domain policy\Computer configuration\Policies\Windows 
settings\Security\Account policies\Kerberos policies) do not seem to 
have the slightest effect. The default expiry times remain both in Linux 
member servers, and in Windows clients.

I have tried to dig through the documentation, unfortunately with any 
positive results.

Do the Samba AD DC respect the set values at all? If not, how and where 
do I set the the kerberos ticket policies for the Samba domain? Do I use 
samba-tool, and in that case what is the command for setting the 
kerberos ticket expiry time? Do I set it in /etc/krb5.conf? Or in 
smb.conf? And do I set it in all Linux domain members? And what about 
Windows clients?

There is a Wiki page 
(https://wiki.samba.org/index.php/Samba_KDC_Settings), but there are no 
details into which file those settings go.

If somebody could share their knowledge about this, I would be grateful. 
The Wiki should also be updated, as it's sorely lacking in information 
value.

Best regards,

Peter