[Samba] Linux workstations lose relationship with domain

Denis Morejon denis.morejon at etecsa.cu
Wed Mar 24 20:30:07 UTC 2021 

How can I set computer account expiration time? To avoid expiration??

I think that It must be set in the workstations, as they are who query 
the password change to DCs.

I can do that using policies for Windows workstations. But how can I do 
that on Linux WorkStations?



El 23/3/21 a las 11:08, Rowland penny via samba escribió:
> On 23/03/2021 14:47, Denis Morejon via samba wrote:
>> Thank you Rowland!
>>
>> I have another clue for my problem (The lost of domain relationship). 
>> The problem began just after the change of time in my country on 
>> Sunday. I changed the time manually on both domain servers
>>
>> (They use ntp for the clients to sync with they) and after that, on 
>> Monday, some linux workstations lost the relationship. But you know 
>> what? none of my Windows 10 workstations lost the domain relationship!
>>
>> We use pbis en Ubuntu 18.04 and Linux Mint 20 workstations to connect 
>> to the domain. I suspect that the change of time was the cause. But 
>> even changing the time on those linux workstations first (For some 
>> reason ntp didn't work, but this is not the point right now), they 
>> didn't connected to the domain! And It was necessary to join again 
>> manually (One by one!).
>>
>> This is the smb.conf of a workstation that lost the domain ralationship
>>
>> [global]
>>     server string = %h server (Samba, Ubuntu)
>>    dns proxy = no
>>    log file = /var/log/samba/log.%m
>>    max log size = 1000
>>    syslog = 0
>>    panic action = /usr/share/samba/panic-action %d
>>    server role = standalone server
>>    obey pam restrictions = yes
>>    unix password sync = yes
>>    passwd program = /usr/bin/passwd %u
>>    passwd chat = *Enter\snew\s*\spassword:* %n\n 
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>    pam password change = yes
>>    map to guest = bad user
>>    usershare allow guests = yes
>>
>> [printers]
>>    comment = All Printers
>>    browseable = no
>>    path = /var/spool/samba
>>    printable = yes
>>    create mask = 0700
>>
>> [print$]
>>    comment = Printer Drivers
>>    path = /var/lib/samba/printers
>>
>
> As we do not produce PBIS, we do not (cannot) provide support for it. 
> Also that smb.conf is for a standalone server and, as such, it cannot 
> be an AD domain member.
>
> Is winbind running ?
>
> Rowland
>
>
>

More information about the samba mailing list