[Samba] SAMBA4 - Trusted relationship lost every Weeks
Julien TEHERY
julien.tehery at openevents.fr
Wed Aug 16 07:05:32 UTC 2017
Hi,
Here is our smb.conf.
Please note that this server uses nss resolution for DOMAIN_B users and
idmap_ldap backend to resolve DOMAIN_A users.
The trusted relationship works well for other services between those
two domains. Only the samba4 fileserver needs to rejoin the DOMAIN_A domain (AD
2008 server) every week.
#======================= Global Settings =====================================
[global]
server string = FILESERVER
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
realm = DOMAIN_A
workgroup = DOMAIN_A
os level = 80
bind interfaces only = yes
interfaces = eth0
## Encoding ##
dos charset = 850
#display charset = UTF8
## Name resolution ##
dns proxy = no
wins support = no
name resolve order = host wins bcast lmhosts
## Logs ##
max log size = 50
log level = 10
log file = /var/log/samba/%m.log
syslog only = no
syslog = 0
panic action = /usr/share/samba/panic-action %d
## Passwords ##
security = ADS
encrypt passwords = true
unix password sync = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
invalid users = root
## Restrictions ##
hide special files = no
hide unreadable = no
hide dot files = no
## Resolve office save problems ##
oplocks = no
## ACL SUPPORT ##
nt acl support = yes
acl check permissions = yes
acl group control = yes
# WINBIND
ldap ssl =off
ldap admin dn = cn=SuperUser,dc=domain_a,dc=com
ldap suffix = dc=domain_a,dc=xm
ldap timeout = 90
ldap connection timeout = 20
winbind nested groups = yes
winbind expand groups = yes
winbind cache time = 5
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind use default domain = no
allow trusted domains = yes
# IDMAP MDMAD XM
#GLOBAL
idmap config *: backend = tdb
idmap config *: range = 19000-19999
#DOMAIN_A
idmap config DOMAIN_A : backend = ldap
idmap config DOMAIN_A : range = 20000-9999999999
idmap config DOMAIN_A : ldap_url = ldap://myldap.domain_a.com
idmap config DOMAIN_A : ldap_base_dn = ou=Idmap,dc=domain_a,dc=com
idmap config DOMAIN_A : ldap_user_dn = cn=SuperUser,dc=domain_a,dc=com
#DOMAIN_B
idmap config DOMAIN_B backend = nss
idmap config DOMAIN_B: range = 500-19000
guest account = nobody
map to guest = Bad User
On 13/08/2017 at 10:58, Rowland Penny via samba wrote:
> On Sun, 13 Aug 2017 10:42:44 +0200
> Julien TEHERY via samba <samba at lists.samba.org> wrote:
>
>> Hi All,
>>
>> Replying to myself, this problem still occurs again and again, every
>> week as I mentioned before.
>> Rejoining the domain each time for samba4 file server is the only
>> workaround.
>>
>> What could be the origin of this kind of problem?
>>
> Can you post your smb.conf?
>
> Rowland
>
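Added example (not part of the original messages and not Samba code): a small Python lint over the "idmap config" lines of the smb.conf posted above, checking line syntax, per-domain backend/range presence, 32-bit ID bounds and range overlap. It does not diagnose the weekly trust loss; lint_idmap and SAMPLE are names constructed for this example.

```python
import re

# Constructed sample: idmap lines copied verbatim from the smb.conf posted above.
SAMPLE = """\
idmap config *: backend = tdb
idmap config *: range = 19000-19999
idmap config DOMAIN_A : backend = ldap
idmap config DOMAIN_A : range = 20000-9999999999
idmap config DOMAIN_B backend = nss
idmap config DOMAIN_B: range = 500-19000
"""

# smb.conf syntax is "idmap config DOMAIN : option = value"
IDMAP_RE = re.compile(r"^idmap\s+config\s+(\S+?)\s*:\s*([\w ]+?)\s*=\s*(.+)$", re.I)
UINT32_MAX = 2**32 - 1  # uid_t/gid_t are 32-bit on Linux

def lint_idmap(conf_text):
    """Return (domains, findings) for the idmap lines of an smb.conf."""
    domains, findings = {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line.lower().startswith("idmap config"):
            continue
        m = IDMAP_RE.match(line)
        if not m:
            findings.append(f"malformed (no ':' after domain): {line}")
            continue
        dom, opt, val = m.group(1), m.group(2).lower(), m.group(3).strip()
        domains.setdefault(dom, {})[opt] = val
    ranges = []
    for dom, opts in domains.items():
        if "backend" not in opts:
            findings.append(f"{dom}: no backend set")
        if "range" not in opts:
            findings.append(f"{dom}: no range set")
            continue
        low, high = (int(x) for x in opts["range"].split("-"))
        if high > UINT32_MAX:
            findings.append(f"{dom}: range upper bound {high} exceeds 32-bit IDs")
        ranges.append((low, high, dom))
    ranges.sort()
    # After sorting by lower bound, any overlap shows up between neighbours.
    for (l1, h1, d1), (l2, h2, d2) in zip(ranges, ranges[1:]):
        if l2 <= h1:
            findings.append(f"ranges overlap: {d1} {l1}-{h1} and {d2} {l2}-{h2}")
    return domains, findings

if __name__ == "__main__":
    print("\n".join(lint_idmap(SAMPLE)[1]))
```

Run against a full configuration by passing the file's text to lint_idmap; "testparm -s" remains the authoritative syntax check.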