[Samba] Windows clients require reboot once a day in order to access mapped drives

Mason Schmitt mason at ftlcomputing.com
Thu Apr 18 17:49:28 UTC 2019 

Hello,

I hope someone has seen this before and knows what's going on.  Given the
time delay between the problem recurring, I'm guessing the issue lies with
Kerberos, but I'm not sure how to verify that or how to resolve the issue.
If you need more info, please let me know.

Problem:
Each morning, windows users are not able to access their mapped drives.
Once they reboot their computers, they are fine for another day.

Configuration:

   - Samba AD DC, running on Ubuntu 18.04, using the stock samba package
   (4.7.6)
   - Samba file server, running on CentOS 7.6, using the stock samba
   package (4.8.3)
   - Mix of windows 7 and windows 10 clients.  Users on both platforms have
   reported this issue



smb.conf on AD DC
--------------------------------

# Global parameters
[global]
        dns forwarder = 10.0.38.1
        netbios name = AD1
        realm = REALM.EXAMPLE.COM
        server role = active directory domain controller
        workgroup = REALM
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/lib/samba/sysvol/realm.example.com/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No


krb5.conf on AD DC
------------------------------
[libdefaults]
        default_realm =  REALM.EXAMPLE.COM
        dns_lookup_realm = false
        dns_lookup_kdc = true



smb.conf on file server
----------------------------------

[global]
kerberos method = system keytab
workgroup = REALM
security = ads
realm = REALM.EXAMPLE.COM

# Logging
log file = /var/log/samba/%m.log
log level = 3

idmap config REALM : range = 2000000-2999999
idmap config REALM : backend = rid
idmap config * : range = 10000-999999
idmap config * : backend = tdb

winbind use default domain = no
winbind refresh tickets = yes
winbind offline logon = yes
winbind enum groups = no
winbind enum users = no

username map = /etc/samba/user.map
bind interfaces only = yes
interfaces = lo eth0

vfs objects = acl_xattr
acl_xattr:default acl style = windows
map acl inherit = yes
store dos attributes = yes
template shell = /bin/false
disable netbios = yes
client max protocol = SMB3
smb encrypt = desired
access based share enum = yes
template homedir = /srv/samba/Users/%U
obey pam restrictions = yes

[Users]
        path = /srv/samba/Users
        comment = Share for user home dirs
        guest ok = no
        read only = no

[Shared]
       path = /srv/samba/Shared
       guest ok = no
       read only = no


krb5.conf on file server
------------------------------
[libdefaults]
        default_realm =  REALM.EXAMPLE.COM
        dns_lookup_realm = false
        dns_lookup_kdc = true


-- 

Mason

More information about the samba mailing list