Bug 14980 - File closure after +/- 10 hours on Samba SMB3 with Kerberos
Summary: File closure after +/- 10 hours on Samba SMB3 with Kerberos
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: unspecified
Hardware: x86 Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Depends on:
Reported: 2022-02-15 08:13 UTC by Hans van Leeuwen
Modified: 2022-02-15 08:17 UTC (History)
0 users

See Also:

C-program source to reproduce the closed file problem (646 bytes, text/plain)
2022-02-15 08:13 UTC, Hans van Leeuwen
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Hans van Leeuwen 2022-02-15 08:13:42 UTC
Created attachment 17166 [details]
C-program source to reproduce the closed file problem

In own environment, several Samba-servers with the parameters “workgroup = WORKGROUP” and “security = user” works correct.
But the Samba-servers with the parameters “workgroup = <DOMAIN-NAME>” and “security = ads” results in a "closed file" after some hours.
I expect that this disconnection is the result of an “expired Kerberos ticket”.
But I don’t know how to avoid this "file closure".

On a Windows-10 system the X-drive is mapped to a Samba-server in the same domain.
In the attachment the C-source of a simple program is added.
The C-source is compiled with gcc to the executable fwrite.exe.
On that Windows-10 system the executable fwrite.exe runs for several hours correct.
The output of fwrite.exe is for several hours:
8  6:57:20
fprintf ret_val = 12 fflush ret_val = 0 errno = 0

Every minute a string with day number and time is added to the file ftest_file.txt on the Samba-Server.

But after several hours the output becomes:
8  16:42:23
fprintf ret_val = 12 fflush ret_val = -1 errno = 22

The file ftest_file.txt on the Samba-Server is not supplemented with date and time rules any more.

The mapped X-drive is however still available.

On the samba-server the command “klist” give the next output.

Ticket cache: FILE:/tmp/krb5cc_0             
Default principal: automation@<DOMAIN-NAME>

Valid starting     Expires            Service principal
09/02/22 11:59:59  10/02/22 11:59:59  krbtgt/<DOMAIN-NAME>.LOCAL@<DOMAIN-NAME>.LOCAL
                                renew until 25/02/22 11:59:59

Renewing the expire time with the command below doesn’t solve the problem.
kinit -V -k -t /etc/krb5.keytab automation@<DOMAIN-NAME>.LOCAL
Using default cache: /tmp/krb5cc_0
Using principal: automation@<DOMAIN-NAME>.LOCAL
Using keytab: /etc/krb5.keytab
Authenticated to Kerberos v5

In the Samba logfile's no relevant error messages are found.

With a share on a Windows SMB-Server with SMB3 this problem doesn't occur.
Doesn't a Windows SMB-server work with Kerberos?

Is it possible to use Samba SMBv3 without Kerberos?

The command smbstatus give "Samba version 4.7.6-Ubuntu"

How can I solve this "file closure" problem?