[Samba] Synology NAS looses connection to Samba AD

Alexander Harm alexander.harm at apfelq.com
Wed Mar 25 10:36:13 UTC 2020

Samba DC:

# Global parameters
    log level = 1 auth_audit:3
    netbios name = KA-H9-DC01
    realm = DS.EXAMPLE.COM
    server role = active directory domain controller
    workgroup = EXAMPLE

    dns forwarder =

    ntlm auth = mschapv2-and-ntlmv2-only

    tls enabled = yes
    tls keyfile = tls/ka-h9-dc01.key
    tls certfile = tls/ka-h9-dc01.crt
    tls cafile = tls/ds-ca.pem

    path = /var/lib/samba/sysvol/ds.EXAMPLE.COM/scripts
    read only = No

    path = /var/lib/samba/sysvol
    read only = No

    printcap name=cups
    winbind enum groups=yes
    admin users=@EXAMPLE\Domain Admins, at EXAMPLE\Enterprise Admins
    encrypt passwords=yes
    min protocol=NT1
    local master=no
    syno sync dctime=no
    passdb backend=smbpasswd
    ldap timeout=60
    max protocol=SMB3
    winbind enum users=yes
    load printers=yes
and in a second file

    follow symlinks=no
    create mask=
    log level=0
    wide links=no
    prev domain=EXAMPLE
    server signing=no
    msdfs root=no
    vfs objects=
    reset on zero vc=no
    directory mask=
    syno catia=no
    veto files=
    smb2 leases=no
    btrfs clone=no
    winbind expand groups=1
    syno wildcard search=no
    enable nt4 enum=no
    allow insecure widelinks=no
    enable veto files=no
    disable shadow copy=no

On 25. March 2020 at 11:27:22, Rowland penny via samba (samba at lists.samba.org) wrote:

On 25/03/2020 10:01, Alexander Harm via samba wrote:  
> We have to Samba DCs and a couple of Synology NAS connected/bound to the Samba AD. On regular basis the Synology NAS (I believe Samba 4.4.16) looses its connection to the AD outputting the error message, that the domain cannot be found. In the logs of the NAS I can only find the error message “synowin: domain_test_join.c:59 net ads test join fail”.  
Well, that would seem to suggest that the NAS isn't joined to the domain  
> In the logs of the DC I notice that from one second to the other the connection seems to fail:  
> [2020/03/18 00:51:45.001044, 3] ../../auth/auth_log.c:653(log_authentication_event_human_readable) Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)][FILESERVER$@DS.EXAMPLE.COM] at [Wed, 18 Mar 2020 00:51:45.001031 CET] with [aes256-cts-hmac-sha1–96] status [NT_STATUS_OK] workstation [(null)] remote host [ipv4:] became [EXAMPLE][FILESERVER$] [S–1–5–21–1451753080–565542361–3466525082–2103]. local host [NULL][2020/03/18 00:53:49.362120, 2] ../../auth/auth_log.c:653(log_authentication_event_human_readable) Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)][FILESERVER$@DS.EXAMPLE.COM] at [Wed, 18 Mar 2020 00:53:49.362103 CET] with [aes256-cts-hmac-sha1–96] status [NT_STATUS_WRONG_PASSWORD] workstation [(null)] remote host [ipv4:] mapped to [EXAMPLE][FILESERVER$]. local host [NULL]  
> Can anyone explain to me what happens and how to fix this?  

It does look like your NAS isn't joined to the domain, this would  

Can you post the smb.conf from the DC and, if possible, from the NAS.  


To unsubscribe from this list go to the following URL and read the  
instructions: https://lists.samba.org/mailman/options/samba  

More information about the samba mailing list