samba - Nov 2010 - ADS auth client disconnects when ads_cleanup_expired_creds runs

Hi All,

Debian Lenny, with Samba 3.4.8~dfsg-2~bpo50+1 (backports)

I'm having an issue where 1 or 2 random clients out of 100 seem to be
disconnected from a samba print server and not allowed to reconnect
until they log off and back on to their machines. It is not always the
same clients. I have a Samba fileserver running on another machine with
virtually identical config that does not have this issue. 

This happens pretty quickly after the ads_cleanup_expired creds log:

---------------

[2010/11/25 15:15:01,  3] libsmb/clikrb5.c:620(ads_cleanup_expired_creds) 
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Fri,
26 Nov 2010 01:14:44 GMT

---------------

In the specific client logs after this occurs I get the following:

---------------

[2010/11/25 15:17:15,  0] lib/util_sock.c:738(write_data)
[2010/11/25 15:17:15,  0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  write_data: write failure in writing to client 0.0.0.0. Error
Connection reset by peer
[2010/11/25 15:17:15,  0] smbd/process.c:62(srv_send_smb)
  Error writing 4 bytes to client. -1. (Transport endpoint is not
connected)
[2010/11/25 15:17:15,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/11/25 15:17:15,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to
[2010/11/25 15:17:15,  3] smbd/connection.c:42(yield_connection)
  deleting connection record returned NT_STATUS_NOT_FOUND
[2010/11/25 15:17:15,  3] smbd/server.c:849(exit_server_common)
  Server exit (failed to receive smb request)
[2010/11/25 15:18:35,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/11/25 15:18:35,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to
[2010/11/25 15:18:35,  3] smbd/connection.c:42(yield_connection)
  deleting connection record returned NT_STATUS_NOT_FOUND
[2010/11/25 15:18:35,  3] smbd/server.c:849(exit_server_common)
  Server exit (failed to receive smb request)

---------------

It doesn't occur everytime the cleanup is run (which seems to be every
15 minutes), but does happen once or twice a day.

It doesn't seem to be something wrong with my samba config, because it
works 99% of the time. But please find it below and advise if anything
might be causing this.

---------------

[global]

security = ads
workgroup = DOMAIN
realm = DOMAIN.LOCAL
password server = dc1.domain.local, dc2.domain.local
encrypt passwords = yes
server string = domainprint
netbios name = domainprint
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind offline logon = yes
enhanced browsing = no
template shell = /bin/false
veto files = /TheVolumeSettingsFolder/, /Temporary Items/, /*DS_Store*/,
/*AppleDB/, /*AppleDesktop/, /*AppleDouble/, /Network Trash Folder/,
 * /*Trashes/, /*TemporaryItems/, /*FBCLockFolder/, /*FBCIndex/
delete veto files = yes
create mask = 0775
directory mask = 2775
invalid users = root
panic action = /usr/share/samba/panic-action %d
log file = /var/log/samba/log.%m
log level = 3
socket options = TCP_NODELAY
printing = cups
printcap = cups
#load printers = yes
printer admin = @DOMAIN\itdept
follow symlinks=yes

-----------------

Is it possible to change the ticket expiration time? or is there a
Windows setting on the Domain controller than needs to be changed?
(Windows server standard 2008 R2).

Any help appreciated, Please advise if I need to post any other details.

Thanks,
Mark