[Samba] samba domain member strange behavior lost users and shares

basti mailinglist at unix-solution.de
Fri Jan 10 09:01:36 UTC 2020 

Hello,
my samba domain member file server do some strange thinks.

First of all Version 4.9.5-Debian and smb.conf is this:

[global]
   workgroup = SAMDOM
   security = ADS
   realm = SAMDOM.EXAMPLE.COM

   log file = /var/log/samba/%m.log
   log level = 1

   winbind refresh tickets = Yes
   vfs objects = acl_xattr
   map acl inherit = Yes
   store dos attributes = Yes

   dedicated keytab file = /etc/krb5.keytab
   kerberos method = secrets and keytab

   winbind use default domain = yes

   load printers = no
   printing = bsd
   printcap name = /dev/null
   disable spoolss = yes

   idmap config * : backend = tdb
   idmap config * : range = 1000-1005
   # idmap config for the SAMDOM domain
   # alf has uid 1007
   # yes i know its not the best
   idmap config SAMDOM:backend = ad
   idmap config SAMDOM:schema_mode = rfc2307
   idmap config SAMDOM:range = 1006-999999
   idmap config SAMDOM:unix_nss_info = yes

    # fix dfs error's in log ?
    host msdfs = no

   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 10000
   panic action = /usr/share/samba/panic-action %d

   vfs object = recycle
   recycle:repository = /home/samba/Papierkorb/%U
   recycle:keeptree = yes
   recycle:exclude = *.tmp *.temp *.swp
   recycle:exclude_dir = /tmp /temp
   recycle:touch = yes

   admin users = root, Administrator, @Domain Admins, admin

[... shares]


Sometimes (multiple times a week) users can't login.
wbinfo -u does not show any user. restart winbind sometimes solve this
but not in all cases. then a "net ads join" is needed.

today there is an other problem.
user cant connect to share via login script (system error 1240). look
around on google and / or mailing list it indicates some "encrypted
passwords = no" problem. But man page say: Default: encrypt passwords = yes

the samba log show errors like:
reject request to share [Transfer] as 'SAMDOM\user' without encryption
or signing. Disconnecting.

I also look at the man page and the settings in my smb.conf seem to be ok.

That is not the only user / client pc that has problems with this samba
server. other samba server with the same global config does not have
this problems. I have also try to reinstall samba (delete all tdb and
ldb files) an rejoin without suggests.

At the moment i have no idea how to fix it or find the problem.

Best regards,

p.s. klist show only expired tickets, on all member server? should that
be updated if winbind refresh tickets = Yes is set?

More information about the samba mailing list