[Samba] Windows clients require reboot once a day in order to access mapped drives
Mason Schmitt
mason at ftlcomputing.com
Tue Apr 30 17:38:59 UTC 2019
>
>
> I would check 3 things here before this is reported as bug.
>
> Kerberos/Authentication. krb5.conf, Did you change the : clockskew or
> renew_lifetime
> Set only this :
> [libdefaults]
> default_realm = YOUR.REALM.TLD
> dns_lookup_kdc = true
> dns_lookup_realm = false
>
I have not played with clockskew or renew_lifetime. Both my DC and file
server have the following krb5.conf file.
[libdefaults]
default_realm = YOUR.REALM.TLD
dns_lookup_realm = false
dns_lookup_kdc = true
Are the pc's connected to multiple servers. Then on these servers run :
> smbstatus -A
> Check these outputs.
>
> The windows clients, do these have SMB1 still enabled or not?
>
Windows 10 clients (the only ones having the problem) have SMB1 disabled by
default. I have not re-enabled it.
Currently, when I run smbstatus -A I see clients connection with either
protocol version 2_10 or 3_11.
> And what are the windows eventlogs telling ( post event id and part of
> description ).
>
As noted in my previous email, after spending a half hour looking through
event logs I didn't see anything.
Now, you can try these also. I tested samba 4.9.6 and 4.10.2 on Debian 9.
>
> smb encrypt = required
>
That will disconnect my win7 clients, so I can't try that.
> client min protocol = SMB2
> client max protocol = SMB3
>
My reading of the man page suggests that these settings apply to smbclient,
not windows clients connecting to the samba server. I had previously
thought, prior to reading the man page, that this would limit which
protocols were available to connecting clients, but I can confirm that it
does not perform that function. However, setting server min protocol =
SMB2 and/or server max protocol = SMB3, does limit what clients can do.
However, to my surprise, if I set 'server max protocol = SMB2' windows 10
clients cannot connect. So, my current understanding is that if one has
Win10 clients on the network, you cannot set 'server max protocol' to
anything less than SMB3.
I currently can't disable SMB1 on this server, as there is a scanner that
connects via SMB1 to one of my shares. I'm working to change that, but I
can't eliminate it just yet.
--
Mason
More information about the samba
mailing list