[Samba] Samba 4 AD member loose membership after DC reboot

Thu Mar 31 12:29:28 UTC 2022

Hi Rowland,

thanks for your quick response.

Here it is a member smb.conf:

# Global parameters
[global]
         workgroup = UPC-CT
         realm = UPC-CT.UPC.EDU
         netbios name = RADI
         netbios aliases = RADI.UPC.ES RADI.UPC.EDU
         security = ADS

         log level = 5
         username map = /var/lib/samba/user.map

         winbind enum users = yes
         winbind enum groups = yes
         winbind nss info = rfc2307
         winbind use default domain = Yes
         winbind refresh tickets = yes
         winbind offline logon = yes
         winbind cache time = 60

idmap config * : backend = tdb
idmap config * : range = 100-499
idmap config UPC-CT:backend = ad
idmap config UPC-CT:schema_mode = rfc2307
idmap config UPC-CT:range = 500-999999
idmap config UPC-CT:unix_nss_info = yes

vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes

         interfaces = lo eth0
         bind interfaces only = yes

[users]
          path = /home/users/
          read only = no
          force create mode = 0600
          force directory mode = 0700
..........<here come shares>..............

Francesc Bassas Serramià
Serveis Informàtics Campus Terrassa
C/ Colom 2
08222 Terrassa (Barcelona)
Telèfon : 93.73.98630
https://serveis.terrassa.upc.edu/sict

El 31/3/2022 a les 14:00, samba-request at lists.samba.org ha escrit:
> On Thu, 2022-03-31 at 11:56 +0200, Frank via samba wrote:
>> Hi there,
>>
>> we have a Samba 4 AD installation with one DC and two members.
>>
>> All of them are ubuntu 20.04 with samba 4.13
>>
>> The thing is when DC is rebooted, it seems members loose its
>> membership,
>> and the only way to recover it is to reboot the member.
>>
>> In the wrong state, we get the following in members:
>>
>> # net ads testjoin
>> ads_connect: No logon servers are currently available to service the
>> logon request.
>> Join to doman is not valid: No logon servers are currently available
>> to
>> service the logon request.
>>
>> After member reboot, "testjoin" shows membership recovered:
>>
>> # net ads testjoin
>> Join is OK.
>>
>> We suspect it has to do with some winbind parameter.
> It may be, but has you haven't provided the smb.conf files you are
> using, saying which parameter, if any, would be a guess.
> Please post the smb.conf from the DC and a Unix domain member.
>
> Rowland
>
>
>
>
-- 
Aquest missatge ha estat escanejat per trobar-hi virus i
contingut perillós per MailScanner i es
considera que és net.