[Samba] domain join becomes invalid every 24h

Alexis Pellicier alexis.pellicier at nds.k12.tr
Wed Apr 24 07:58:50 UTC 2024


Hi Rowland,

> Your smb.conf seems to be insufficient, there are no 'idmap config'
> lines, are you using sssd ?
Yes, I'm using sssd, and I didn't post the idmap config lines to keep it
brief. Here it is:
[global]
       netbios name = FILESEVER
       workgroup = WORKGROUP
       security = ads
       realm = MY.DOMAIN
       preferred master = no
       domain master = no
       local master = no
       disable netbios = Yes
       server signing = auto
       kerberos method = secrets and keytab

        min domain uid = 500
        idmap config * : backend = tdb
        idmap config * : range = 1000100-3000000
        idmap config WORKGROUP : backend  = ad
        idmap config WORKGROUP : range = 500-1000000
        idmap config WORKGROUP : unix_nss_info = yes
        idmap config WORKGROUP : unix_primary_group = yes
        idmap config WORKGROUP : schema_mode = rfc2307

        reset on zero vc = yes
        socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=30 TCP_KEEPCNT=3 TCP_KEEPINTVL=3

        disable spoolss = yes

>
> Rowland
>
> PS there really wasn't much point in sanitising the realm in the
> fileserver and not in the DC, also what happened to the 'workgroup'
> line ?
Oops... I guess it's too late now.
Here is a more complete version of the DC's smb.conf:
[global]
       workgroup = WORKGROUP
       realm = my.domain
       netbios name = DOM
       server role = active directory domain controller
       server services = -nbt
       smb ports = 445
       idmap_ldb:use rfc2307 = yes
       kerberos method = default
       kdc enable fast = yes
       allow dns updates = signed
       ntp signd socket directory = /var/lib/ntp/ntp_signd
        ldap server require strong auth = no


