In my small home network I have the following setup:
main site at home:
- AD-DC and
- one file (member) server
- one windows client and and
- one Debian box
- one backup server
- router as VPN server
during week near working place connected by VPN:
- AD-DC (set up as VPN client) and
- one file server
- one windows client
All the AD-DCs and the file servers run Samba 4.2-rc2,
replication between the DCs looks good, the windows
client use the correct logon server, i.e. setting up
the servers and the AD sites looks OK. Both DCs run
Bind 9.9, on the file servers there are Bind 9.9 slave
servers. All boxes got fixed IPs. DNS works like a charm.
All Linux machines are running SSSD 1.11.7, which most
of the time works great...
The file servers are tyically shut down over night in
order not to waste unnecessary electrical power. The
DCs are small machines, one Rasberry Pi and one Cubietruck,
which are allways on.
I only have one nasty issue: every couple of days one
of member servers or the Linux client sssd stops
working and I have to produce a new keytab file. When
doing a klist -k /etc/sssd.keytab I see that the KVNO
of the newly generated keytab is incremented by one.
Does anybody have a clue on how to troubleshoot this?
Did I miss to copy something from the main DC to the
secondary one? Any help is greatly appretiated. I did
try to search, but all the references I found, exceed
the level of my technical expertise... apparently.
TIA
Peter
