samba - Mar 2021 - Linux workstations lose relationship with domain

On 23/03/2021 14:47, Denis Morejon via samba wrote:
> Thank you Rowland!
>
> I have another clue for my problem (The lost of domain relationship). 
> The problem began just after the change of time in my country on 
> Sunday. I changed the time manually on both domain servers
>
> (They use ntp for the clients to sync with they) and after that, on 
> Monday, some linux workstations lost the relationship. But you know 
> what? none of my Windows 10 workstations lost the domain relationship!
>
> We use pbis en Ubuntu 18.04 and Linux Mint 20 workstations to connect 
> to the domain. I suspect that the change of time was the cause. But 
> even changing the time on those linux workstations first (For some 
> reason ntp didn't work, but this is not the point right now), they 
> didn't connected to the domain! And It was necessary to join again 
> manually (One by one!).
>
> This is the smb.conf of a workstation that lost the domain ralationship
>
> [global]
> ??? server string = %h server (Samba, Ubuntu)
> ?? dns proxy = no
> ?? log file = /var/log/samba/log.%m
> ?? max log size = 1000
> ?? syslog = 0
> ?? panic action = /usr/share/samba/panic-action %d
> ?? server role = standalone server
> ?? obey pam restrictions = yes
> ?? unix password sync = yes
> ?? passwd program = /usr/bin/passwd %u
> ?? passwd chat = *Enter\snew\s*\spassword:* %n\n 
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> ?? pam password change = yes
> ?? map to guest = bad user
> ?? usershare allow guests = yes
>
> [printers]
> ?? comment = All Printers
> ?? browseable = no
> ?? path = /var/spool/samba
> ?? printable = yes
> ?? create mask = 0700
>
> [print$]
> ?? comment = Printer Drivers
> ?? path = /var/lib/samba/printers
>
As we do not produce PBIS, we do not (cannot) provide support for it. 
Also that smb.conf is for a standalone server and, as such, it cannot be 
an AD domain member.

Is winbind running ?

Rowland

How can I set computer account expiration time? To avoid expiration??

I think that It must be set in the workstations, as they are who query 
the password change to DCs.

I can do that using policies for Windows workstations. But how can I do 
that on Linux WorkStations?



El 23/3/21 a las 11:08, Rowland penny via samba
escribi?:
> On 23/03/2021 14:47, Denis Morejon via samba wrote:
>> Thank you Rowland!
>>
>> I have another clue for my problem (The lost of domain relationship). 
>> The problem began just after the change of time in my country on 
>> Sunday. I changed the time manually on both domain servers
>>
>> (They use ntp for the clients to sync with they) and after that, on 
>> Monday, some linux workstations lost the relationship. But you know 
>> what? none of my Windows 10 workstations lost the domain relationship!
>>
>> We use pbis en Ubuntu 18.04 and Linux Mint 20 workstations to connect 
>> to the domain. I suspect that the change of time was the cause. But 
>> even changing the time on those linux workstations first (For some 
>> reason ntp didn't work, but this is not the point right now), they 
>> didn't connected to the domain! And It was necessary to join again 
>> manually (One by one!).
>>
>> This is the smb.conf of a workstation that lost the domain ralationship
>>
>> [global]
>> ??? server string = %h server (Samba, Ubuntu)
>> ?? dns proxy = no
>> ?? log file = /var/log/samba/log.%m
>> ?? max log size = 1000
>> ?? syslog = 0
>> ?? panic action = /usr/share/samba/panic-action %d
>> ?? server role = standalone server
>> ?? obey pam restrictions = yes
>> ?? unix password sync = yes
>> ?? passwd program = /usr/bin/passwd %u
>> ?? passwd chat = *Enter\snew\s*\spassword:* %n\n 
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>> ?? pam password change = yes
>> ?? map to guest = bad user
>> ?? usershare allow guests = yes
>>
>> [printers]
>> ?? comment = All Printers
>> ?? browseable = no
>> ?? path = /var/spool/samba
>> ?? printable = yes
>> ?? create mask = 0700
>>
>> [print$]
>> ?? comment = Printer Drivers
>> ?? path = /var/lib/samba/printers
>>
>
> As we do not produce PBIS, we do not (cannot) provide support for it. 
> Also that smb.conf is for a standalone server and, as such, it cannot 
> be an AD domain member.
>
> Is winbind running ?
>
> Rowland
>
>
>