Windows clients unable to access Samba share on AD joined Linux box every 7 days

Posted by Hassle2 on Server Fault See other posts from Server Fault or by Hassle2
Published on 2011-11-08T14:27:51Z Indexed on 2012/12/08 5:09 UTC
Read the original article Hit count: 442

The problem:

Every 7 days, 2 Windows Servers are unable to access a SMB/CIFS share. It will start working after a handful of hours.

The environment:

OpenFiler Linux box joined to 2003 AD Domain

Foreground app on Win2003 server access the SMB/CIFS share with windows credentials

Another process on Win2008 access the share via SQL Server with windows credentials

The Samba version on the Linux box is 3.4.5.

Security is set to ADS

wbinfo and getent return back expected users and groups

Does not look to be a double hop issue as it's always the 2 accounts, regardless of the calling user.

There is a DNS entry in both forward and reverse lookup zone for the linux box

The linux box's computer object in active directory shows that it was modified around/at the same time that the two clients started failing to access the share

Trying to access the share via IP works when by name does not

Rebooting the Windows server takes care of it (it's production and only restarted it once)

Restarting smbd, winbind, nmbd had no effect

Error in samba log for the client in question: smbd/sesssetup.c:342(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!

The Question:

Does this look like the machine account password is changing (hence the AD object showing the updated modified date) or are the two windows clients unable to request a new ticket that works against this linux box?

© Server Fault or respective owner

Related posts about linux

Related posts about Windows