[Samba] domain join becomes invalid every 24h

Alexis Pellicier alexis.pellicier at nds.k12.tr
Wed Apr 24 07:20:57 UTC 2024


Hello,

I'm facing an issue with a file server working under samba  4.17.12
and  joined to my domain as domain member:  Every 24h hours the domain
join becomes invalid:
#net ads testjoin
kerberos_kinit_password FILESERVER$@MY.DOMAIN failed: Preauthentication failed
Join to domain is not valid: LDAP_INVALID_CREDENTIALS

Then  I need to rejoin to come back to normal:
net ads join --use-krb5-ccache=CCACHE

The domain is controlled by a DC and a BC  under samba 4.17.12.

below are some settings which seems to be relevant from smb.conf:
member smb.conf
[global]
       security = ads
       realm = MY.DOMAIN
       preferred master = no
       domain master = no
       local master = no
       disable netbios = Yes
       server signing = auto
       kerberos method = secrets and keytab

controler smb.conf
[global]
       realm = ilkokul.nds.k12.tr
       netbios name = DOM
       server role = active directory domain controller
       server services = -nbt
       smb ports = 445
       idmap_ldb:use rfc2307 = yes
       kerberos method = default
       kdc enable fast = yes
       ldap server require strong auth = no

As test I joined another server as member and I didnt see this issue.
I have another site with the same setup and I haven't seen this issue neither

Any information which could help me to solve this is welcome.

Thanks



More information about the samba mailing list