[Samba] Samba file sharing with AD authentication doesn't work on some boxes

Vitaly Karasik me at vitalykarasik.com
Tue Apr 4 14:54:37 UTC 2017 

Thank you both!

Probably I'm missing something, but doesn't the fact that we're able to use
AD users for Linux logins indicate that SSSD stuff is OK, and  there is
something  wrong on Samba level?

Vitaly

On Tue, Apr 4, 2017 at 5:20 PM, L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:

> Hello,
>
> I suggest you start reading here:
> https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server
>
> and if you want to use winbind and not sssd.
> read : https://wiki.samba.org/index.php/Setting_up_Samba_as_a_
> Domain_Member
>
> Now i dont use sssd and there is an other mailing list for sssd, ( sssd is
> not related to samba (yet) but my guesses are..
>
> - your keytab is expiring and not refreshed.
> - Time out of sync between the servers.
>
>
> Greetz,
>
> Louis
>
>
>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens amit kumar via
> > samba
> > Verzonden: dinsdag 4 april 2017 15:38
> > Aan: me at vitalykarasik.com
> > CC: samba at lists.samba.org
> > Onderwerp: Re: [Samba] Samba file sharing with AD authentication doesn't
> > work on some boxes
> >
> > Hello,
> >
> > Try configure samba-servers with kerberos authentication from AD.
> >
> > Thanks
> >
> >
> > On 04/04/2017 05:01 PM, Vitaly Karasik via samba wrote:
> > > I have a few RHEL7 boxes, all of them are members in MS Win domain
> using
> > > SSSD. All of these linuxes run Samba for file sharing with the same
> > config.
> > > Usually it works nice, but from time to time users cannot map Samba
> > > folders, with the following message in the log:
> > >
> > >
> > > [2017/03/07 14:58:27.050493,  0]
> > > ../source3/auth/auth_domain.c:121(connect_to_domain_password_server)
> > >
> > >   connect_to_domain_password_server: unable to open the domain client
> > > session to machine DC03.example.LOCAL. Error was :
> > NT_STATUS_ACCESS_DENIED.
> > >
> > > [2017/03/07 14:58:27.050756,  0]
> > > ../source3/auth/auth_domain.c:184(domain_client_validate)
> > >
> > >   domain_client_validate: Domain password server not available.
> > >
> > >
> > > "From time to time" - i.e., sometimes certain Samba box is broken for a
> > > long time, sometime some box is stopping to work for some time.
> > >
> > > Unfortunately, I cannot blame MS Win admins because in the same time
> > some
> > > Samba boxes are OK when others are broken. Any ideas?
> > >
> > >
> > > My Samba is samba-4.4.4-12.el7_3.x86_64, config is
> > >
> > >
> > > security = ADS
> > >
> > > passdb backend = tdbsam
> > >
> > > realm = EXAMPLE.LOCAL
> > >
> > > password server = x.x.x.x y.y.y.y
> > >
> > >
> > > Any ideas?
> > >
> > >
> > > Thank you,
> > >
> > > Vitaly
> >
> > --
> > Thanks
> > Amit Kumar
> > There are three ways to get something done:
> >   (1) Do it yourself.
> >   (2) Hire someone to do it for you.
> >   (3) Forbid your kids to do it.
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list