[Samba] samba domain member strange behavior lost users and shares
mailinglist at unix-solution.de
Fri Jan 10 09:01:36 UTC 2020
my samba domain member file server do some strange thinks.
First of all Version 4.9.5-Debian and smb.conf is this:
workgroup = SAMDOM
security = ADS
realm = SAMDOM.EXAMPLE.COM
log file = /var/log/samba/%m.log
log level = 1
winbind refresh tickets = Yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind use default domain = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
idmap config * : backend = tdb
idmap config * : range = 1000-1005
# idmap config for the SAMDOM domain
# alf has uid 1007
# yes i know its not the best
idmap config SAMDOM:backend = ad
idmap config SAMDOM:schema_mode = rfc2307
idmap config SAMDOM:range = 1006-999999
idmap config SAMDOM:unix_nss_info = yes
# fix dfs error's in log ?
host msdfs = no
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 10000
panic action = /usr/share/samba/panic-action %d
vfs object = recycle
recycle:repository = /home/samba/Papierkorb/%U
recycle:keeptree = yes
recycle:exclude = *.tmp *.temp *.swp
recycle:exclude_dir = /tmp /temp
recycle:touch = yes
admin users = root, Administrator, @Domain Admins, admin
Sometimes (multiple times a week) users can't login.
wbinfo -u does not show any user. restart winbind sometimes solve this
but not in all cases. then a "net ads join" is needed.
today there is an other problem.
user cant connect to share via login script (system error 1240). look
around on google and / or mailing list it indicates some "encrypted
passwords = no" problem. But man page say: Default: encrypt passwords = yes
the samba log show errors like:
reject request to share [Transfer] as 'SAMDOM\user' without encryption
or signing. Disconnecting.
I also look at the man page and the settings in my smb.conf seem to be ok.
That is not the only user / client pc that has problems with this samba
server. other samba server with the same global config does not have
this problems. I have also try to reinstall samba (delete all tdb and
ldb files) an rejoin without suggests.
At the moment i have no idea how to fix it or find the problem.
p.s. klist show only expired tickets, on all member server? should that
be updated if winbind refresh tickets = Yes is set?
More information about the samba