Denis Morejon
2021-Mar-26 13:35 UTC
[Samba] Linux workstations lose relationship with domain
Rowland: As you suggested, I put (winbind refresh tickets = yes) in the smb.conf file of my workstations. So that they don't try to renew It's computer password account with the domain. But now I realize that they don't use the winbind service! Sory Note: I didn't edit these files by hand. We just installed pbis and It did It. Here their smb.conf file. [global] winbind refresh tickets = yes ?? workgroup = WORKGROUP ??? server string = %h server (Samba, Ubuntu) ?? dns proxy = no ?? log file = /var/log/samba/log.%m ?? max log size = 1000 ?? syslog = 0 ?? panic action = /usr/share/samba/panic-action %d ?? server role = standalone server ?? passdb backend = tdbsam ?? obey pam restrictions = yes ?? unix password sync = yes ?? passwd program = /usr/bin/passwd %u ?? passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . ?? pam password change = yes ?? map to guest = bad user ?? usershare allow guests = yes [printers] ?? comment = All Printers ?? browseable = no ?? path = /var/spool/samba ?? printable = yes ?? guest ok = no ?? read only = yes ?? create mask = 0700 [print$] ?? comment = Printer Drivers ?? path = /var/lib/samba/printers ?? browseable = yes ?? read only = yes ?? guest ok = no El 24/3/21 a las 16:46, Rowland penny via samba escribi?:> On 24/03/2021 20:30, Denis Morejon via samba wrote: >> How can I set computer account expiration time? To avoid expiration?? >> >> I think that It must be set in the workstations, as they are who >> query the password change to DCs. >> >> I can do that using policies for Windows workstations. But how can I >> do that on Linux WorkStations? >> >> > > Add 'winbind refresh tickets = yes' to the smb.conf file. > > Rowland > > >
Rowland penny
2021-Mar-26 13:52 UTC
[Samba] Linux workstations lose relationship with domain
On 26/03/2021 13:35, Denis Morejon via samba wrote:> Rowland: > > As you suggested, I put (winbind refresh tickets = yes) in the > smb.conf file of my workstations. So that they don't try to renew It's > computer password account with the domain. > > But now I realize that they don't use the winbind service! Sory > > Note: I didn't edit these files by hand. We just installed pbis and It > did It.I suggest you go and ask PBIS, Samba does not produce PBIS and does not (cannot) support it. Further, that smb.conf is not for a Unix domain member, you are, in my opinion, running Samba in an unsupported way. i think your problem when you tried to update to Samba 4.8.x was caused by the fact that in a domain, from 4.8.0 , you need to run Winbind and as you say, you are not doing this. Rowland