[Samba] Samba + Winbind : Kerberos Tickets

[Robert Buck]

Hi Folks,

We're in the process of setting up a Samba cluster (Samba+CTDB+etcd), and
we (presently) using Winbind. We use AD. We're finding that the domain join
(or kerberos ticket renewal) is unreliable. Every day we find Samba/Winbind
is no longer joined to the domain. Now, we're in a bit of a learning curve
here, and automating everything with Terraform + Ansible. We have yet to
produce a stable environment with respect to domain join, though the file
systems themselves seem fine.

One challenge is the vast array of (frequently inconsistent or inaccurate)
documentation on the topic of Samba, different ways to do the same things,
etc. So part of our challenge is sifting through useful, or not so useful,
information.

We really need an accurate recipe for installing Samba, all its
dependencies, including Winbind (or alternative), having this domain
joined, and supporting Windows File History.

Can anyone of the core Samba team members point our way through the
"wilderness"? ;-) To either a very up to date, very accurate, bash script
that has every step detailed, or a document that has been tested recently
that works flawlessly?

This would be very helpful.

We're excited to see the prospect of a distributed Samba cluster working
across several AWS regions, and initial testing has produced great results
in terms of performance and recoverability. But it's this last mile of
getting AD join stable and kerberos tickets automatically renewed, and not
dropping domain join, working, that is causing us issue.

And any detailed information (script ideally) on how to configure Windows
File History, would also be helpful.

Thank you so much in advance, we really appreciate this.

Kindly,

-- 

BOB BUCK
SENIOR PLATFORM SOFTWARE ENGINEER

SKIDMORE, OWINGS & MERRILL
7 WORLD TRADE CENTER
250 GREENWICH STREET
NEW YORK, NY 10007
T  (212) 298-9624
ROBERT.BUCK at SOM.COM