[Samba] Samba + Winbind : Kerberos Tickets

Rowland penny rpenny at samba.org
Wed Jul 15 13:23:18 UTC 2020 

On 15/07/2020 14:12, Robert Buck via samba wrote:
> Hi Folks,
>
> We're in the process of setting up a Samba cluster (Samba+CTDB+etcd), and
> we (presently) using Winbind. We use AD. We're finding that the domain join
> (or kerberos ticket renewal) is unreliable. Every day we find Samba/Winbind
> is no longer joined to the domain. Now, we're in a bit of a learning curve
> here, and automating everything with Terraform + Ansible. We have yet to
> produce a stable environment with respect to domain join, though the file
> systems themselves seem fine.
>
> One challenge is the vast array of (frequently inconsistent or inaccurate)
> documentation on the topic of Samba, different ways to do the same things,
> etc. So part of our challenge is sifting through useful, or not so useful,
> information.
>
> We really need an accurate recipe for installing Samba, all its
> dependencies, including Winbind (or alternative), having this domain
> joined, and supporting Windows File History.
>
> Can anyone of the core Samba team members point our way through the
> "wilderness"? ;-) To either a very up to date, very accurate, bash script
> that has every step detailed, or a document that has been tested recently
> that works flawlessly?
>
> This would be very helpful.
>
> We're excited to see the prospect of a distributed Samba cluster working
> across several AWS regions, and initial testing has produced great results
> in terms of performance and recoverability. But it's this last mile of
> getting AD join stable and kerberos tickets automatically renewed, and not
> dropping domain join, working, that is causing us issue.
>
> And any detailed information (script ideally) on how to configure Windows
> File History, would also be helpful.
>
> Thank you so much in advance, we really appreciate this.
>
> Kindly,
>
Can we see the smb.conf file you are using at present, because you 
definitely shouldn't have to re-join every day:

rowland at devstation:~/tests$ uptime
  14:19:11 up 16 days,  3:20,  1 user,  load average: 0.60, 0.92, 0.93

That was only because of an electrical problem, I cannot actually 
remember when the computer was joined to the domain ;-)

Rowland

More information about the samba mailing list