[Comm] samba+ads+winbind=проблемы?

Владимир Гусев vova1971 на narod.ru
Ср Янв 23 16:58:21 MSK 2008


Здравствуйте!

Может, кто-нибудь сталкивался с проблемой, описанной по этой ссылке?

http://www.opennet.ru/openforum/vsluhforumID14/1253.html

Привожу ссылку, ибо проблема в точности совпадает с описанной там.

Ключевые фразы проблемы:
По истечении определенного промежутка времени (в моем случае это около
1 часа) все портится:

на wbinfo -t получаю вот это:
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret

Конфиги:

smb.conf

#======================= Global Settings =======================

[global]


# Settings
# General smbd/winbind options: oplocks, SPNEGO negotiation, SMB signing,
# the shell given to domain users and NT ACL mapping.

  kernel oplocks = yes
  client use spnego = yes
# "auto" offers SMB signing but does not insist on it, so a peer that does
# not sign is still accepted. "mandatory" is the value that enforces signing;
# consider it where every client supports it.
  server signing = auto
  client signing = auto
# Login shell reported by winbind for domain accounts. With winbind listed
# under passwd/group in nsswitch.conf this gives domain users a real shell
# wherever PAM lets them log in -- confirm that is intended on a file server.
  template shell = /bin/bash
  nt acl support = yes
;  change notify timeout = 0
  

# Share Behavior
# Defaults inherited by every share below unless the share overrides them:
# permission/ACL inheritance and the mapping of DOS attributes.
  
# Per smb.conf(5), "inherit permissions = yes" takes precedence over
# create mask, directory mask and the force ... mode parameters, so the
# 0760 values in this file may not be what ends up on disk -- verify on a
# test file.
  inherit permissions = yes
  inherit acls = yes
  map acl inherit = yes
  acl compatibility  = auto
  dos filemode = yes
  dos filetimes = yes
;  dos filename resolution = yes
  map archive = yes
  map system = no
  map hidden = no
  ea support = yes
# 0760 includes the owner execute bit, i.e. this asks for every created
# file to be owner-executable -- NOTE(review): confirm this is wanted.
  force create mode = 0760
  

# Domain Settings
# Domain membership, browsing role and winbind id mapping for this member
# server of the MOSCOW domain / MOSCOW.POSTSHOP.RU realm.
  
  workgroup = MOSCOW
  server string = %h (Linux FileServer)
# os level 0 together with the three "master = no" settings below keeps
# this host out of the browse-master role.
  os level = 0
  preferred master = no
# NOTE(review): the next line has no "=" between the parameter name and its
# value, so the parser will most likely reject or ignore it. The intended
# form is presumably "announce as = NT Server".
  announce as NT Server
  announce version = 4.9
  browse list = yes
  domain master = no
  local master = no
  enhanced browsing = no
# Range from which winbind allocates Unix uids/gids for domain accounts.
# It must not overlap with ids used by local accounts.
  idmap uid = 16777216-33554431
  idmap gid = 16777216-33554431
# Domain users are presented without the DOMAIN+ prefix. A domain account
# whose name equals a local account name then becomes ambiguous -- keep the
# two namespaces disjoint.
  winbind use default domain = yes
# Enumeration lets getent/ls list all domain users and groups; on a large
# domain it is slow and is usually not needed for file serving.
  winbind enum groups = yes
  winbind enum users = yes
  winbind separator = +
  realm = MOSCOW.POSTSHOP.RU
  
  
# Security
# Who may connect and how they are authenticated.
  
# Only 192.168.1.* and loopback may connect; this also applies to the
# guest-accessible [public] share.
  hosts allow = 192.168.1. 127.
# Member of an Active Directory realm; users are authenticated via Kerberos
# against the domain controllers.
  security = ADS
# "*" lets Samba locate a domain controller by itself instead of pinning
# one by name.
  password server = *
  encrypt passwords = yes
  
  
# Printers

;  printcap name = /etc/printcap
;  load printers = yes
;  printing = cups
;  cups options = raw
  

# Logging
# One log file per connecting client machine name (%m).
  
  log file = /var/log/samba/%m.log
# Level 3 is a debugging verbosity: useful while chasing the wbinfo -t
# failure, but it records a lot of per-connection detail. Lower it again
# afterwards and keep /var/log/samba readable by root only.
  log level = 3
# Size limit per log file, in kilobytes, before it is rotated.
  max log size = 500
  
# Network Settings
# NetBIOS identity and browse announcements.

# NOTE(review): smb.conf(5) documents remote announce values as full
# addresses (normally a remote subnet's broadcast address, optionally with
# /WORKGROUP). "192.168.0." looks like a hosts-allow style prefix and is
# probably not accepted in this form -- confirm.
  remote announce = 192.168.0.  
  disable netbios = no
  netbios name = l-files
  
  
# Shares
  
# Source tree share: authenticated users only, read-write.
# There is no "valid users" line, so any account the domain authenticates
# can connect; access is then decided by filesystem permissions and ACLs
# under the path.
[sources]
  comment = Our sources
  path = /media/raid/shares/sources
  guest ok = no
# "writeable = yes" below is the inverted synonym of "read only = no";
# the two lines say the same thing.
  read only = no
  browseable = yes
  writeable = yes
# Mode 0760 gives the group rw- without the search (x) bit on directories.
# Per smb.conf(5) these masks are overridden anyway while
# "inherit permissions = yes" is set in [global] -- verify the result.
  create mask = 0760
  directory mask = 0760
# Lets members of the owning group change permissions/ACLs on files, not
# only the file owner.
  acl group control = yes
  store dos attributes = yes
  
# Public share: the only share in this file that permits guest access, and
# it is writable. Unauthenticated clients inside the "hosts allow" ranges
# can therefore create and modify files here as the guest account, limited
# only by filesystem permissions. Whether a client actually lands on the
# guest account also depends on "map to guest", which this file does not
# set -- NOTE(review): confirm the effective behaviour.
[public]
  comment = Public data store 
  path = /media/raid/shares/public
  guest ok = yes
  read only = no
  browseable = yes
  writeable = yes
# Overridden by "inherit permissions = yes" in [global] per smb.conf(5).
  create mask = 0760
  directory mask = 0760
# Members of the owning group may change permissions/ACLs; on a
# guest-writable share check which group the guest account maps to.
  acl group control = yes
  store dos attributes = yes    

# Software distribution share: authenticated users only, read-write.
# No "valid users" restriction; access control rests on filesystem
# permissions and ACLs. If this share holds installers that clients run,
# write access for every domain user is worth reviewing.
[distr]
  comment = DistroZZ 
  path = /media/raid/shares/distr
  guest ok = no
  read only = no
  browseable = yes
  writeable = yes
# Overridden by "inherit permissions = yes" in [global] per smb.conf(5).
  create mask = 0760
  directory mask = 0760
  acl group control = yes
  store dos attributes = yes    
  
# Accounting share. The comment string says "Accounting department only!",
# but nothing in this section enforces that: there is no "valid users" or
# per-share "hosts allow" line, and the share is browseable. The restriction
# has to come from ownership/ACLs on the directory itself --
# NOTE(review): confirm those are in place, or add "valid users".
[buhgal]
  comment = Accounting department only! 
  path = /media/raid/shares/buhgal
  guest ok = no
  read only = no
  browseable = yes
  writeable = yes
# Overridden by "inherit permissions = yes" in [global] per smb.conf(5).
  create mask = 0760
  directory mask = 0760
  acl group control = yes
  store dos attributes = yes    

# Share used to distribute updated in-house programs: authenticated users
# only, read-write, no "valid users" restriction. Because clients fetch
# programs from here, who may write to it deserves the same care as who
# may read it.
[oper]
  comment = For updated our programs 
  path = /media/raid/shares/oper
  guest ok = no
  read only = no
  browseable = yes
  writeable = yes
# Overridden by "inherit permissions = yes" in [global] per smb.conf(5).
  create mask = 0760
  directory mask = 0760
  acl group control = yes
  store dos attributes = yes    

# Disabled leftover; it would run a command on the server whenever a
# client disconnects from the share.
;   postexec = /bin/umount /cdrom

________________________________________

krb5.conf

# Log destinations for the Kerberos libraries and daemons.
# The kdc and admin_server entries only matter on a host that runs those
# daemons; here the KDC is 192.168.1.254 (see [realms]).
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
 
 
# Library-wide Kerberos client defaults.
[libdefaults]
# A bare number is read as seconds: 24000 s is 6 h 40 min.
 ticket_lifetime = 24000
 default_realm = MOSCOW.POSTSHOP.RU
 dns_lookup_realm = true
# des-cbc-crc is single DES and is considered broken. Active Directory is
# generally documented as not implementing des3-hmac-sha1, which would leave
# single DES as the only type this client can negotiate -- verify.
# rc4-hmac, or AES where the domain controllers support it, is the usual
# choice for an AD member.
 default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
 default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc


# KDC and admin server for the realm, both pinned to one host by IP
# address. A single pinned KDC means no failover to another domain
# controller, and Kerberos needs this host's clock to stay close to that
# server's clock.
[realms]
  MOSCOW.POSTSHOP.RU = {
    kdc = 192.168.1.254
    admin_server = 192.168.1.254
    default_domain = MOSCOW.POSTSHOP.RU
  }


# Maps DNS names to the Kerberos realm: the leading-dot entry covers every
# host under the domain, the second entry the domain name itself.
[domain_realm]
 .moscow.postshop.ru = MOSCOW.POSTSHOP.RU
 moscow.postshop.ru = MOSCOW.POSTSHOP.RU

# Points a locally running KDC at its own configuration file.
# NOTE(review): this host appears to be an AD client (kdc = 192.168.1.254
# in [realms]), so this section is presumably a leftover from the
# distribution's default file.
[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf


# Per-application settings, here for the Kerberos PAM module.
# The lifetimes are in seconds (36000 s = 10 h) and are longer than the
# 24000 s ticket_lifetime in [libdefaults]; the KDC's own policy caps what
# is actually issued. forwardable = true lets tickets obtained at login be
# forwarded to other hosts -- keep it only if that is needed.
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
 
________________________________________

nsswitch.conf


# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

# Account lookups: local files first (compat), then winbind. Every domain
# user and group that winbind can resolve becomes a valid Unix account on
# this host, so login access should be limited separately (PAM, shell).
passwd:         compat winbind
group:          compat winbind
# Password hashes come from local files only; domain passwords are never
# looked up through NSS.
shadow:         compat

# Host names: /etc/hosts, then DNS, then NetBIOS/WINS name resolution.
# WINS answers are not authenticated, so it is deliberately last.
hosts:          files dns wins
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis


-- 
С уважением,
Владимир Гусев


