[Samba] Windows clients require reboot once a day in order to access mapped drives
Mason Schmitt
mason at ftlcomputing.com
Thu Apr 18 17:49:28 UTC 2019
Hello,

I hope someone has seen this before and knows what's going on. Given the
time delay between the problem recurring, I'm guessing the issue lies with
Kerberos, but I'm not sure how to verify that or how to resolve the issue.
If you need more info, please let me know.

Problem:

Each morning, Windows users are not able to access their mapped drives.
Once they reboot their computers, they are fine for another day.

Configuration:

- Samba AD DC, running on Ubuntu 18.04, using the stock samba package
  (4.7.6)
- Samba file server, running on CentOS 7.6, using the stock samba
  package (4.8.3)
- Mix of Windows 7 and Windows 10 clients. Users on both platforms have
  reported this issue
smb.conf on AD DC
--------------------------------
# Global parameters
[global]
dns forwarder = 10.0.38.1
netbios name = AD1
realm = REALM.EXAMPLE.COM
server role = active directory domain controller
workgroup = REALM
idmap_ldb:use rfc2307 = yes

[netlogon]
path = /var/lib/samba/sysvol/realm.example.com/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

krb5.conf on AD DC
------------------------------
[libdefaults]
default_realm = REALM.EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = true
smb.conf on file server
----------------------------------
[global]
kerberos method = system keytab
workgroup = REALM
security = ads
realm = REALM.EXAMPLE.COM

# Logging
log file = /var/log/samba/%m.log
log level = 3

idmap config REALM : range = 2000000-2999999
idmap config REALM : backend = rid
idmap config * : range = 10000-999999
idmap config * : backend = tdb

winbind use default domain = no
winbind refresh tickets = yes
winbind offline logon = yes
winbind enum groups = no
winbind enum users = no

username map = /etc/samba/user.map
bind interfaces only = yes
interfaces = lo eth0
vfs objects = acl_xattr
acl_xattr:default acl style = windows
map acl inherit = yes
store dos attributes = yes
template shell = /bin/false
disable netbios = yes
client max protocol = SMB3
smb encrypt = desired
access based share enum = yes
template homedir = /srv/samba/Users/%U
obey pam restrictions = yes

[Users]
path = /srv/samba/Users
comment = Share for user home dirs
guest ok = no
read only = no

[Shared]
path = /srv/samba/Shared
guest ok = no
read only = no

krb5.conf on file server
------------------------------
[libdefaults]
default_realm = REALM.EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = true
--
Mason