[Samba] domain join becomes invalid every 24h
Alexis Pellicier
alexis.pellicier at nds.k12.tr
Wed Apr 24 07:20:57 UTC 2024
Hello,
I'm facing an issue with a file server working under Samba 4.17.12
and joined to my domain as a domain member: every 24 hours the domain
join becomes invalid:
#net ads testjoin
kerberos_kinit_password FILESERVER$@MY.DOMAIN failed: Preauthentication failed
Join to domain is not valid: LDAP_INVALID_CREDENTIALS
Then I need to rejoin to come back to normal:
net ads join --use-krb5-ccache=CCACHE
The domain is controlled by a DC and a BC under samba 4.17.12.
Below are some settings which seem to be relevant from smb.conf:
member smb.conf
[global]
security = ads
realm = MY.DOMAIN
preferred master = no
domain master = no
local master = no
disable netbios = Yes
server signing = auto
kerberos method = secrets and keytab
controller smb.conf
[global]
realm = ilkokul.nds.k12.tr
netbios name = DOM
server role = active directory domain controller
server services = -nbt
smb ports = 445
idmap_ldb:use rfc2307 = yes
kerberos method = default
kdc enable fast = yes
ldap server require strong auth = no
As a test I joined another server as a member and I didn't see this issue.
I have another site with the same setup and I haven't seen this issue either.
Any information which could help me to solve this is welcome.
Thanks