[Samba] potential machine account expiry question

[Jason Keltz]

On 11/2/2021 10:54 AM, Rowland Penny via samba wrote:

> On Tue, 2021-11-02 at 15:31 +0100, L.P.H. van Belle via samba wrote:
>> Keep in mind, if you use SSSD with my packages, you MUST recompile
>> SSSD
>>
> The OP never mentioned sssd.
> I have just started a Unix domain member that hadn't run since January
> and it worked for myself.
> This could be just misconfiguration, so it might help if the OP posted
> a smb.conf from one of the machines that isn't working.
>
> Rowland
>
Hi Rowland,

Thanks for clarifying - you are correct that I am not using SSSD at all.

I'm more than happy to share my smb.conf with you.  I removed comments 
to make it smaller.  The same file is used by every single Linux machine 
in the domain - working and not working, and only the ones that have 
been off for awhile have the problem...

[global]
workgroup = MYCOMPANY
security = ADS
realm = AD.MY.COMPANY.COM
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config MYCOMPANY : backend = ad
idmap config MYCOMPANY: schema_mode = rfc2307
idmap config MYCOMPANY: range = 1000-999999
idmap config MYCOMPANY: unix_primary_group = yes
idmap config MYWORKGROUP: unix_nss_info = yes
winbind refresh tickets = yes
winbind offline logon = yes
winbind nss info = rfc2307
winbind use default domain = yes
winbind enum users  = no
winbind enum groups = no
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
template shell = /bin/bash
template homedir = /eecs/home/%U
debug timestamp = yes
debug uid = yes
debug pid = yes
debug level = 1
max log size = 0

----

Any thoughts on commands I might try to see my domain join status?  As I 
mentioned, wbinfo -u and wbinfo -g are working, but getent passwd is 
failing...

(same kerberos config, same /etc/nsswitch.conf, etc. on every host).

Jason.