[Samba] Samba file sharing with AD authentication doesn't work on some boxes

Vitaly Karasik me at vitalykarasik.com
Tue Apr 4 11:31:03 UTC 2017

I have a few RHEL7 boxes, all of them are members in MS Win domain using
SSSD. All of these linuxes run Samba for file sharing with the same config.
Usually it works nice, but from time to time users cannot map Samba
folders, with the following message in the log:

[2017/03/07 14:58:27.050493,  0]

  connect_to_domain_password_server: unable to open the domain client
session to machine DC03.example.LOCAL. Error was : NT_STATUS_ACCESS_DENIED.

[2017/03/07 14:58:27.050756,  0]

  domain_client_validate: Domain password server not available.

"From time to time" - i.e., sometimes certain Samba box is broken for a
long time, sometime some box is stopping to work for some time.

Unfortunately, I cannot blame MS Win admins because in the same time some
Samba boxes are OK when others are broken. Any ideas?

My Samba is samba-4.4.4-12.el7_3.x86_64, config is

security = ADS

passdb backend = tdbsam


password server = x.x.x.x y.y.y.y

Any ideas?

Thank you,


More information about the samba mailing list