[Samba] Windows clients require reboot once a day in order to access mapped drives
Viktor Trojanovic
viktor at troja.ch
Wed May 1 09:24:18 UTC 2019
Hi Mason,
On 30.04.2019 19:41, Mason Schmitt wrote:
> Hi Viktor,
>
> I didn't go through all the conversations and I'm not sure if this will
> be of any help, I just wanted to inform that I've been using mapped
> drives with Windows 10 for ages and never had the problems you
> described. I also never added or changed the "smb encrypt" option. My
> Samba file server (AD member) was set up pretty much the way as is
> described in the official Wiki and it just works. I can confirm this
> for
> several versions from Samba 4.2.x to 4.9.x. And I never changed
> anything
> in the Windows 10 registry either.
>
>
> Would you be willing to share your config files? I'd be curious to see
> what's different between yours and mine.
>
> Probably having the smb.conf and krb5.conf files from both a samba DC
> and file server would be helpful.
>
Sure, here you go:
For the DC:
/etc/samba/smb.conf
--------------------
[global]
workgroup = SAMDOM
realm = SAMDOM.EXAMPLE.COM
netbios name = DC1
server role = active directory domain controller
dns forwarder = 8.8.8.8
idmap_ldb:use rfc2307 = yes
interfaces = eth0
bind interfaces only = Yes
[netlogon]
path = /var/lib/samba/sysvol/samdom.example.com/scripts
read only = No
write ok = Yes
acl_xattr:ignore system acls = yes
[sysvol]
path = /var/lib/samba/sysvol
read only = No
write ok = Yes
acl_xattr:ignore system acls = yes
/etc/krb5.conf
--------------
default_realm = SAMDOM.EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = true
For the domain member (krb5.conf same as on DC)
/etc/samba/smb.conf
-------------------
[global]
netbios name = FILESERVER
workgroup = SAMDOM
security = ADS
realm = SAMDOM.EXAMPLE.COM
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
username map = /etc/samba/samba_usermap
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config SAMDOM:backend = ad
idmap config SAMDOM:schema_mode = rfc2307
idmap config SAMDOM:range = 10000-99999
idmap config SAMDOM:unix_nss_info = yes
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = Yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
[exampleshare]
path = /srv/samba/exampleshare
comment = "Example Data"
writeable = yes
These particular files are on Samba 4.9.4, clients are Win10.
Just fyi, I have a second installation where I'm not using keytabs on
the member and it works just as well.
Viktor
More information about the samba
mailing list