The problem:

Every 7 days, 2 Windows Servers are unable to access a SMB/CIFS share. It will start working after a handful of hours.

The environment:

OpenFiler Linux box joined to 2003 AD Domain

Foreground app on Win2003 server access the SMB/CIFS share with windows credentials

Another process on Win2008 access the share via SQL Server with windows credentials

The Samba version on the Linux box is 3.4.5.

Security is set to ADS

wbinfo and getent return back expected users and groups

Does not look to be a double hop issue as it's always the 2 accounts, regardless of the calling user.

There is a DNS entry in both forward and reverse lookup zone for the linux box

The linux box's computer object in active directory shows that it was modified around/at the same time that the two clients started failing to access the share

Trying to access the share via IP works when by name does not

Rebooting the Windows server takes care of it (it's production and only restarted it once)

Restarting smbd, winbind, nmbd had no effect

Error in samba log for the client in question: smbd/sesssetup.c:342(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!

The Question:

Does this look like the machine account password is changing (hence the AD object showing the updated modified date) or are the two windows clients unable to request a new ticket that works against this linux box?