[Samba] domain join becomes invalid every 24h

Alexis Pellicier alexis.pellicier at nds.k12.tr
Thu Apr 25 11:15:35 UTC 2024


I've activated the logs as Andrew suggested and it has shown the
fileserver was trying to join the domain with 2 different names.
I guess I messed something up when I did some testing on joining the domain.

I have found those 2 names in the AD and in krb5.keytab.
So I've deleted the faulty name from AD,

    samba-tool computer delete testfileserver

left the domain,

    net ads leave -Uadmin

moved away krb5.keytab and joined the domain again.

    mv /etc/ krb5.keytab
    net ads join -Uadmin

After 24h the join is still ok. Problem solved.

Thank you a lot for your help!




On Wed, 24 Apr 2024 at 12:29, Andrew Bartlett <abartlet at samba.org> wrote:
>
> On Wed, 2024-04-24 at 10:20 +0300, Alexis Pellicier via samba wrote:
>
>
> As a test I joined another server as member and I didn't see this issue.
>
>
> I have another site with the same setup and I haven't seen this issue either
>
>
>
>
> Any information which could help me to solve this is welcome.
>
>
> I think you have two things (e.g. perhaps sssd and winbind, as suggested, or two different devices) joined under the same name somehow.
>
> Samba DB change audit logs might give a clue, but every 24 hours is very short, most tooling rotates their password every couple of weeks, not every 24 hours.
>
> https://wiki.samba.org/index.php/Setting_up_Audit_Logging#Enabling_AD_DC_Database_Audit_Logging
>
> Andrew Bartlett
>
> --
>
> Andrew Bartlett (he/him)       https://samba.org/~abartlet/
> Samba Team Member (since 2001) https://samba.org
> Samba Team Lead                https://catalyst.net.nz/services/samba
> Catalyst.Net Ltd
>
> Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company
>
> Samba Development and Support: https://catalyst.net.nz/services/samba
>
> Catalyst IT - Expert Open Source Solutions
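
The message above traces the failing join to two machine names present in krb5.keytab. The following check for that condition is an added example, not part of the original thread or of Samba: it parses `klist -k` output and reports when keys for more than one machine account are present. The sample output is constructed, and the names `fileserver` and `EXAMPLE.COM` are assumptions.

```shell
#!/bin/sh
# Added example: flag a keytab holding keys for more than one machine account.
# Real use (function names here are hypothetical helpers):
#   klist -k /etc/krb5.keytab | keytab_has_single_identity

# Constructed sample of `klist -k` output; host name and realm are assumed.
sample_klist_output() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------------------
   5 host/fileserver.example.com@EXAMPLE.COM
   5 host/FILESERVER@EXAMPLE.COM
   5 FILESERVER$@EXAMPLE.COM
   2 host/testfileserver.example.com@EXAMPLE.COM
   2 host/TESTFILESERVER@EXAMPLE.COM
   2 TESTFILESERVER$@EXAMPLE.COM
EOF
}

# Print the distinct machine account names (the NAME in NAME$@REALM)
# found in `klist -k` output read from stdin, one per line, upper-cased.
keytab_machine_accounts() {
    awk '$1 ~ /^[0-9]+$/ && index($2, "/") == 0 && $2 ~ /\$@/ {
             name = $2
             sub(/\$@.*$/, "", name)   # strip "$@REALM"
             print toupper(name)
         }' | sort -u
}

# Return 0 when exactly one machine account is present, 1 otherwise.
# Repeated entries for one account (several KVNOs or enctypes) count once.
keytab_has_single_identity() {
    accounts=$(keytab_machine_accounts)
    count=$(printf '%s\n' "$accounts" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        printf 'keytab holds %s machine accounts:\n%s\n' "$count" "$accounts" >&2
        return 1
    fi
    return 0
}
```
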


