[Samba] SAMBA4 - Trusted relationship lost every Weeks

Julien TEHERY julien.tehery at openevents.fr
Wed Aug 16 07:05:32 UTC 2017


Hi,


Here is our smb.conf.

Please note that this server uses nss resolution for DOMAIN_B users and 
idmap_ldap backend to resolve DOMAIN_A users.

The trusted relationship works well for other services between those 
two domains. Only the samba4 fileserver needs to rejoin the DOMAIN_A domain (AD 
2008 server) every week.

#======================= Global Settings =====================================
[global]
         server string = FILESERVER
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         realm = DOMAIN_A
         workgroup = DOMAIN_A
         os level = 80
         bind interfaces only = yes
         interfaces = eth0

         ## Encoding ##
         dos charset = 850
         #display charset = UTF8

         ## Name resolution ##
         dns proxy = no
         wins support = no
         name resolve order =  host wins bcast lmhosts

         ## Logs ##
         max log size = 50
         log level = 10
         log file = /var/log/samba/%m.log
         syslog only = no
         syslog = 0
         panic action = /usr/share/samba/panic-action %d

         ## Passwords ##
         security = ADS
         encrypt passwords = true
         unix password sync = no
         passwd program = /usr/bin/passwd %u
         passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
         invalid users = root

         ## Restrictions ##
         hide special files = no
         hide unreadable = no
         hide dot files = no

         ## Resolve office save problems ##
         oplocks = no

         ## ACL SUPPORT ##
         nt acl support = yes
         acl check permissions = yes
         acl group control = yes

     # WINBIND
     ldap ssl =off
     ldap admin dn = cn=SuperUser,dc=domain_a,dc=com
     ldap suffix = dc=domain_a,dc=xm
         ldap timeout = 90
         ldap connection timeout = 20
         winbind nested groups = yes
         winbind expand groups = yes
         winbind cache time = 5
         winbind enum users = yes
         winbind enum groups = yes
         winbind separator = +
         winbind use default domain = no
         allow trusted domains = yes

     # IDMAP MDMAD XM
     #GLOBAL
         idmap config *: backend = tdb
         idmap config *: range = 19000-19999
     #DOMAIN_A
     idmap config DOMAIN_A : backend      = ldap
     idmap config DOMAIN_A : range        = 20000-9999999999
     idmap config DOMAIN_A : ldap_url     = ldap://myldap.domain_a.com
     idmap config DOMAIN_A : ldap_base_dn = ou=Idmap,dc=domain_a,dc=com
     idmap config DOMAIN_A : ldap_user_dn = cn=SuperUser,dc=domain_a,dc=com
     #DOMAIN_B
         idmap config DOMAIN_B backend      = nss
         idmap config DOMAIN_B: range = 500-19000

         guest account = nobody
         map to guest = Bad User


On 13/08/2017 at 10:58, Rowland Penny via samba wrote:
> On Sun, 13 Aug 2017 10:42:44 +0200
> Julien TEHERY via samba <samba at lists.samba.org> wrote:
>
>> Hi All,
>>
>> Answering myself: this problem still occurs again and again, every
>> week, as I mentioned before.
>> Rejoining the domain each time for samba4 file server is the only
>> workaround.
>>
>> What could be the origin of this kind of problem?
>>
> Can you post your smb.conf?
>
> Rowland
>
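
Added example (not part of the original post, and not Samba code): a small Python check over the `idmap config` lines of an smb.conf such as the one posted above. It flags lines that lack the `DOMAIN : option` colon, ranges that overlap, and upper bounds beyond the 32-bit uid/gid space. The name `lint_idmap` and the embedded sample are constructed for illustration; the check reports inconsistencies in the mapping configuration only.

```python
import re

# Constructed sample: the idmap lines as they appear in the smb.conf posted above.
SAMPLE = """\
idmap config *: backend = tdb
idmap config *: range = 19000-19999
idmap config DOMAIN_A : backend      = ldap
idmap config DOMAIN_A : range        = 20000-9999999999
idmap config DOMAIN_B backend      = nss
idmap config DOMAIN_B: range = 500-19000
"""

# Parametric form: "idmap config DOMAIN : option = value"
LINE = re.compile(r"^idmap config\s+(\S+?)\s*:\s*(.+?)\s*=\s*(.*)$", re.I)
MAX_ID = 2**32 - 1  # uid_t/gid_t are 32-bit on Linux


def lint_idmap(conf):
    """Return (ranges, findings) for the idmap config lines in conf."""
    ranges, backends, findings = {}, set(), []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line.lower().startswith("idmap config"):
            continue
        m = LINE.match(line)
        if not m:
            findings.append(f"malformed (no 'DOMAIN : option'): {line}")
            continue
        dom, opt, val = m.group(1), m.group(2).lower(), m.group(3)
        if opt == "backend":
            backends.add(dom)
        elif opt == "range":
            lo, hi = (int(x) for x in val.split("-"))
            ranges[dom] = (lo, hi)
            if hi > MAX_ID:
                findings.append(f"{dom}: upper bound {hi} exceeds 32-bit id space")
    # A domain with a range but no parsed backend line is only half configured.
    for dom in sorted(set(ranges) - backends):
        findings.append(f"{dom}: range set but no backend parsed")
    # idmap ranges of different domains must not share any id.
    doms = sorted(ranges)
    for i, a in enumerate(doms):
        for b in doms[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                findings.append(f"{a} and {b}: ranges overlap")
    return ranges, findings
```

Calling `lint_idmap(SAMPLE)` returns the parsed ranges together with one finding per inconsistency; `testparm` remains the authoritative parser for a real smb.conf.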



