[Samba] domain join becomes invalid every 24h
Alexis Pellicier
alexis.pellicier at nds.k12.tr
Wed Apr 24 07:58:50 UTC 2024
Hi Rowland,
> Your smb.conf seems to be insufficient, there are no 'idmap config'
> lines, are you using sssd ?
Yes, I'm using sssd, and I didn't post the idmap config lines to keep it
brief. Here it is:
[global]
netbios name = FILESEVER
workgroup = WORKGROUP
security = ads
realm = MY.DOMAIN
preferred master = no
domain master = no
local master = no
disable netbios = Yes
server signing = auto
kerberos method = secrets and keytab
min domain uid = 500
idmap config * : backend = tdb
idmap config * : range = 1000100-3000000
idmap config WORKGROUP : backend = ad
idmap config WORKGROUP : range = 500-1000000
idmap config WORKGROUP : unix_nss_info = yes
idmap config WORKGROUP : unix_primary_group = yes
idmap config WORKGROUP : schema_mode = rfc2307
reset on zero vc = yes
socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=30 TCP_KEEPCNT=3 TCP_KEEPINTVL=3
disable spoolss = yes
>
> Rowland
>
> PS there really wasn't much point in sanitising the realm in the
> fileserver and not in the DC, also what happened to the 'workgroup'
> line ?
Oops... I guess it's too late now.
Here is a more complete version of the DC's smb.conf:
[global]
workgroup = WORKGROUP
realm = my.domain
netbios name = DOM
server role = active directory domain controller
server services = -nbt
smb ports = 445
idmap_ldb:use rfc2307 = yes
kerberos method = default
kdc enable fast = yes
allow dns updates = signed
ntp signd socket directory = /var/lib/ntp/ntp_signd
ldap server require strong auth = no