[Samba] domain join becomes invalid every 24h
Rowland Penny
rpenny at samba.org
Wed Apr 24 07:37:37 UTC 2024
On Wed, 24 Apr 2024 10:20:57 +0300
Alexis Pellicier via samba <samba at lists.samba.org> wrote:
> Hello,
>
> I'm facing an issue with a file server working under samba 4.17.12
> and joined to my domain as domain member: every 24 hours the domain
> join becomes invalid:
> #net ads testjoin
> kerberos_kinit_password FILESERVER$@MY.DOMAIN failed: Preauthentication failed
> Join to domain is not valid: LDAP_INVALID_CREDENTIALS
>
> Then I need to rejoin to come back to normal:
> net ads join --use-krb5-ccache=CCACHE
>
> The domain is controlled by a DC and a BC under samba 4.17.12.
>
> Below are some settings which seem to be relevant from smb.conf:
> member smb.conf
> [global]
> security = ads
> realm = MY.DOMAIN
> preferred master = no
> domain master = no
> local master = no
> disable netbios = Yes
> server signing = auto
> kerberos method = secrets and keytab
>
Your smb.conf seems to be insufficient, there are no 'idmap config'
lines, are you using sssd?

Rowland

PS there really wasn't much point in sanitising the realm in the
fileserver and not in the DC, also what happened to the 'workgroup'
line?