Mark Adams
2010-Nov-25 17:56 UTC
[Samba] ADS auth client disconnects when ads_cleanup_expired_creds runs
Hi All, Debian Lenny, with Samba 3.4.8~dfsg-2~bpo50+1 (backports) I'm having an issue where 1 or 2 random clients out of 100 seem to be disconnected from a samba print server and not allowed to reconnect until they log off and back on to their machines. It is not always the same clients. I have a Samba fileserver running on another machine with virtually identical config that does not have this issue. This happens pretty quickly after the ads_cleanup_expired creds log: --------------- [2010/11/25 15:15:01, 3] libsmb/clikrb5.c:620(ads_cleanup_expired_creds) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Fri, 26 Nov 2010 01:14:44 GMT --------------- In the specific client logs after this occurs I get the following: --------------- [2010/11/25 15:17:15, 0] lib/util_sock.c:738(write_data) [2010/11/25 15:17:15, 0] lib/util_sock.c:1491(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer [2010/11/25 15:17:15, 0] smbd/process.c:62(srv_send_smb) Error writing 4 bytes to client. -1. (Transport endpoint is not connected) [2010/11/25 15:17:15, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/11/25 15:17:15, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/11/25 15:17:15, 3] smbd/connection.c:42(yield_connection) deleting connection record returned NT_STATUS_NOT_FOUND [2010/11/25 15:17:15, 3] smbd/server.c:849(exit_server_common) Server exit (failed to receive smb request) [2010/11/25 15:18:35, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/11/25 15:18:35, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/11/25 15:18:35, 3] smbd/connection.c:42(yield_connection) deleting connection record returned NT_STATUS_NOT_FOUND [2010/11/25 15:18:35, 3] smbd/server.c:849(exit_server_common) Server exit (failed to receive smb request) --------------- It doesn't occur everytime the cleanup is run (which seems to be every 15 minutes), but does happen once or twice a day. It doesn't seem to be something wrong with my samba config, because it works 99% of the time. But please find it below and advise if anything might be causing this. --------------- [global] security = ads workgroup = DOMAIN realm = DOMAIN.LOCAL password server = dc1.domain.local, dc2.domain.local encrypt passwords = yes server string = domainprint netbios name = domainprint idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind offline logon = yes enhanced browsing = no template shell = /bin/false veto files = /TheVolumeSettingsFolder/, /Temporary Items/, /*DS_Store*/, /*AppleDB/, /*AppleDesktop/, /*AppleDouble/, /Network Trash Folder/, * /*Trashes/, /*TemporaryItems/, /*FBCLockFolder/, /*FBCIndex/ delete veto files = yes create mask = 0775 directory mask = 2775 invalid users = root panic action = /usr/share/samba/panic-action %d log file = /var/log/samba/log.%m log level = 3 socket options = TCP_NODELAY printing = cups printcap = cups #load printers = yes printer admin = @DOMAIN\itdept follow symlinks=yes ----------------- Is it possible to change the ticket expiration time? or is there a Windows setting on the Domain controller than needs to be changed? (Windows server standard 2008 R2). Any help appreciated, Please advise if I need to post any other details. Thanks, Mark