[Samba] Samba file sharing with AD authentication doesn't work on some boxes

L.P.H. van Belle belle at bazuin.nl
Tue Apr 4 14:20:31 UTC 2017


Hello, 

I suggest you start reading here:
https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server 

and if you want to use winbind and not sssd. 
read : https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member 

Now i dont use sssd and there is an other mailing list for sssd, ( sssd is not related to samba (yet) but my guesses are.. 

- your keytab is expiring and not refreshed. 
- Time out of sync between the servers. 


Greetz, 

Louis





> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens amit kumar via
> samba
> Verzonden: dinsdag 4 april 2017 15:38
> Aan: me at vitalykarasik.com
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba file sharing with AD authentication doesn't
> work on some boxes
> 
> Hello,
> 
> Try configure samba-servers with kerberos authentication from AD.
> 
> Thanks
> 
> 
> On 04/04/2017 05:01 PM, Vitaly Karasik via samba wrote:
> > I have a few RHEL7 boxes, all of them are members in MS Win domain using
> > SSSD. All of these linuxes run Samba for file sharing with the same
> config.
> > Usually it works nice, but from time to time users cannot map Samba
> > folders, with the following message in the log:
> >
> >
> > [2017/03/07 14:58:27.050493,  0]
> > ../source3/auth/auth_domain.c:121(connect_to_domain_password_server)
> >
> >   connect_to_domain_password_server: unable to open the domain client
> > session to machine DC03.example.LOCAL. Error was :
> NT_STATUS_ACCESS_DENIED.
> >
> > [2017/03/07 14:58:27.050756,  0]
> > ../source3/auth/auth_domain.c:184(domain_client_validate)
> >
> >   domain_client_validate: Domain password server not available.
> >
> >
> > "From time to time" - i.e., sometimes certain Samba box is broken for a
> > long time, sometime some box is stopping to work for some time.
> >
> > Unfortunately, I cannot blame MS Win admins because in the same time
> some
> > Samba boxes are OK when others are broken. Any ideas?
> >
> >
> > My Samba is samba-4.4.4-12.el7_3.x86_64, config is
> >
> >
> > security = ADS
> >
> > passdb backend = tdbsam
> >
> > realm = EXAMPLE.LOCAL
> >
> > password server = x.x.x.x y.y.y.y
> >
> >
> > Any ideas?
> >
> >
> > Thank you,
> >
> > Vitaly
> 
> --
> Thanks
> Amit Kumar
> There are three ways to get something done:
>   (1) Do it yourself.
>   (2) Hire someone to do it for you.
>   (3) Forbid your kids to do it.
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba





More information about the samba mailing list