[Samba] Windows clients require reboot once a day in order to access mapped drives

Viktor Trojanovic viktor at troja.ch
Wed May 1 09:24:18 UTC 2019 

Hi Mason,

On 30.04.2019 19:41, Mason Schmitt wrote:
> Hi Viktor,
> 
>     I didn't go through all the conversations and I'm not sure if this will
>     be of any help, I just wanted to inform that I've been using mapped
>     drives with Windows 10 for ages and never had the problems you
>     described. I also never added or changed the "smb encrypt" option. My
>     Samba file server (AD member) was set up pretty much the way as is
>     described in the official Wiki and it just works. I can confirm this
>     for
>     several versions from Samba 4.2.x to 4.9.x. And I never changed
>     anything
>     in the Windows 10 registry either.
> 
> 
> Would you be willing to share your config files?  I'd be curious to see 
> what's different between yours and mine.
> 
> Probably having the smb.conf and krb5.conf files from both a samba DC 
> and file server would be helpful.
> 

Sure, here you go:

For the DC:

/etc/samba/smb.conf
--------------------

[global]
         workgroup = SAMDOM
         realm = SAMDOM.EXAMPLE.COM
         netbios name = DC1
         server role = active directory domain controller
         dns forwarder = 8.8.8.8
         idmap_ldb:use rfc2307 = yes
         interfaces = eth0
         bind interfaces only = Yes

[netlogon]
         path = /var/lib/samba/sysvol/samdom.example.com/scripts
         read only = No
         write ok = Yes
         acl_xattr:ignore system acls = yes

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No
         write ok = Yes
         acl_xattr:ignore system acls = yes


/etc/krb5.conf
--------------

default_realm = SAMDOM.EXAMPLE.COM
         dns_lookup_realm = false
         dns_lookup_kdc = true


For the domain member (krb5.conf same as on DC)

/etc/samba/smb.conf
-------------------
[global]

   netbios name = FILESERVER
   workgroup = SAMDOM
   security = ADS
   realm = SAMDOM.EXAMPLE.COM
   dedicated keytab file = /etc/krb5.keytab
   kerberos method = secrets and keytab

   username map = /etc/samba/samba_usermap

   idmap config *:backend = tdb
   idmap config *:range = 2000-9999
   idmap config SAMDOM:backend = ad
   idmap config SAMDOM:schema_mode = rfc2307
   idmap config SAMDOM:range = 10000-99999
   idmap config SAMDOM:unix_nss_info = yes

   winbind use default domain = yes
   winbind enum users  = yes
   winbind enum groups = yes
   winbind refresh tickets = Yes

   vfs objects = acl_xattr
   map acl inherit = Yes
   store dos attributes = Yes

   load printers = no
   printing = bsd
   printcap name = /dev/null
   disable spoolss = yes

[exampleshare]
   path = /srv/samba/exampleshare
   comment = "Example Data"
   writeable = yes

These particular files are on Samba 4.9.4, clients are Win10.

Just fyi, I have a second installation where I'm not using keytabs on
the member and it works just as well.

Viktor

More information about the samba mailing list