[Samba] authentication problem

Pisch Tamás pischta at gmail.com
Thu Jan 9 07:41:40 UTC 2020 

Hi,

I have 4 Samba servers DC1, DC2, DC3, SRV8. DC3 is a domain controller and
file server, SRV8 is a file server.
Sometimes one/another computer cannot mount network shares from SRV8. We
can log in on that computer, but when we try to mount a network share,
Windows asks credentials for the share, but doesn't accept it. When we log
in with another user on the same computer, the result is the same. Same
users can mount shares on other computers. On the computer which cannot
mount shares from SRV8, I can mount shares from DC3.
I restarted the Samba services on SRV8, and after that, I could mount
shares on the computer what failed before. Next day I couldn't mount shares
on it again, and the restart of the Samba services didn't help.
Next try: I unjoined the computer from the domain, and joined it again: I
could mount the shares again, but next day the problem came back. Today, I
did the trick again, and I see the shares... I'm sure about that it will
fail again. What could be the problem?

smb.conf on SRV8:
[global]
bind interfaces only = Yes
dos charset = CP852
interfaces = lo eth0
log file = /var/log/samba/%m.log
log level = 1 auth:5
logon path = ""
name resolve order = lmhosts host bcast
realm = XYZ.XYZ.HU
security = ADS
template homedir = /home/%D/users/%U
template shell = /bin/bash
unix charset = UTF8
username map = /etc/samba/user.map
workgroup = XYZ
idmap config perczel : range = 10000-999999
idmap config perczel : backend = rid
idmap config * : range = 3000-7999
idmap config * : backend = tdb
csc policy = disable
map acl inherit = Yes
store dos attributes = Yes
vfs objects = acl_xattr

[example]
path = /home/xyz/example
read only = No

smb.conf on DCs:
[global]
bind interfaces only = Yes
dns forwarder = 208.67.220.220
interfaces = lo eth0
logon home = \\srv8\users\%U
logon path = ""
name resolve order = lmhosts host bcast
netbios name = DC1
realm = XYZ.XYZ.HU
server role = active directory domain controller
template shell = /bin/bash
workgroup = XYZ
idmap_ldb:use rfc2307 = yes

[netlogon]
path = /var/lib/samba/sysvol/xyz.xyz.hu/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

Samba version: 4.10.11 on Debian Buster

More information about the samba mailing list