[Samba] Windows clients require reboot once a day in order to access mapped drives

Mason Schmitt mason at ftlcomputing.com
Tue Apr 30 17:38:59 UTC 2019 

>
>
> I would check 3 things here before this is reported as bug.
>
> Kerberos/Authentication. krb5.conf, Did you change the : clockskew or
> renew_lifetime
> Set only this :
> [libdefaults]
>     default_realm = YOUR.REALM.TLD
>     dns_lookup_kdc = true
>     dns_lookup_realm = false
>

I have not played with clockskew or renew_lifetime.  Both my DC and file
server have the following krb5.conf file.

[libdefaults]
        default_realm = YOUR.REALM.TLD
        dns_lookup_realm = false
        dns_lookup_kdc = true


Are the pc's connected to multiple servers. Then on these servers run :
> smbstatus -A
> Check these outputs.
>
> The windows clients, do these have SMB1 still enabled or not?
>

Windows 10 clients (the only ones having the problem) have SMB1 disabled by
default.  I have not re-enabled it.

Currently, when I run smbstatus -A I see clients connection with either
protocol version 2_10 or 3_11.



> And what are the windows eventlogs telling ( post event id and part of
> description ).
>

As noted in my previous email, after spending a half hour looking through
event logs I didn't see anything.


Now, you can try these also. I tested samba 4.9.6 and 4.10.2 on Debian 9.
>
>     smb encrypt = required
>

That will disconnect my win7 clients, so I can't try that.



>     client min protocol = SMB2
>     client max protocol = SMB3
>

My reading of the man page suggests that these settings apply to smbclient,
not windows clients connecting to the samba server.  I had previously
thought, prior to reading the man page, that this would limit which
protocols were available to connecting clients, but I can confirm that it
does not perform that function.  However, setting server min protocol =
SMB2 and/or server max protocol = SMB3, does limit what clients can do.
However, to my surprise, if I set 'server max protocol = SMB2' windows 10
clients cannot connect.  So, my current understanding is that if one has
Win10 clients on the network, you cannot set 'server max protocol' to
anything less than SMB3.

I currently can't disable SMB1 on this server, as there is a scanner that
connects via SMB1 to one of my shares.  I'm working to change that, but I
can't eliminate it just yet.


--
Mason

More information about the samba mailing list