On Sun, 22 May 2011 13:36:07 +0100 Chris Rowson wrote: > > Hi, > > > > We have a number of Ubuntu servers 10.04. > > > > They join to active directory run by Windows Server 2008 R2 very > > well. > > > > However it seems they appear to fall off or loose a connection with > > the AD servers. It took 9 days last time. > > > > There isn't anything useful in the logs to explain why. > > > > The only way previously was to reboot the machine, which is not > > really an option at times. > > > > We have just found that killing winbind and starting it again fixes > > the issue without have to reboot the server. > > Restarting winbind does not fix it it doesn't even appear to > > restart in the process list, seems more like a reload. > > > > We have tried many other solutions and none have they worked. > > Aside from making a really dodgy cron script to kill and start > > winbind every 7/8 days does anybody know of a fix/solution? > > > > Has anybody else had this problem? > > > > Kind regards, > > > > Toby. > > > > Could be a time issue. > > AD authentication requires that the client time be pretty much the > same as the authenticating domain controller. Perhaps your Ubuntu > boxen are slightly out of sync, especially if they're virtualised? > > Perhaps you could try run a daily cron job to sync your Ubuntu > servers clock to NTP on the domain controller with the PDC emulator > role and see if that helps? > > Cheers, > > Chris
It's worth pointing out that they do need to be the same "time" relative to UTC. So if server X is on CET and server Y is on USA-EST, so long as when their clocks are the same when you convert to UTC then things will be OK. IIRC Active Directory has a tolerance of +/-2 minutes. Grant. -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
