Mason Schmitt
2019-Apr-18 17:49 UTC
[Samba] Windows clients require reboot once a day in order to access mapped drives
Hello, I hope someone has seen this before and knows what's going on. Given the time delay between the problem recurring, I'm guessing the issue lies with Kerberos, but I'm not sure how to verify that or how to resolve the issue. If you need more info, please let me know. Problem: Each morning, windows users are not able to access their mapped drives. Once they reboot their computers, they are fine for another day. Configuration: - Samba AD DC, running on Ubuntu 18.04, using the stock samba package (4.7.6) - Samba file server, running on CentOS 7.6, using the stock samba package (4.8.3) - Mix of windows 7 and windows 10 clients. Users on both platforms have reported this issue smb.conf on AD DC -------------------------------- # Global parameters [global] dns forwarder = 10.0.38.1 netbios name = AD1 realm = REALM.EXAMPLE.COM server role = active directory domain controller workgroup = REALM idmap_ldb:use rfc2307 = yes [netlogon] path = /var/lib/samba/sysvol/realm.example.com/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No krb5.conf on AD DC ------------------------------ [libdefaults] default_realm = REALM.EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = true smb.conf on file server ---------------------------------- [global] kerberos method = system keytab workgroup = REALM security = ads realm = REALM.EXAMPLE.COM # Logging log file = /var/log/samba/%m.log log level = 3 idmap config REALM : range = 2000000-2999999 idmap config REALM : backend = rid idmap config * : range = 10000-999999 idmap config * : backend = tdb winbind use default domain = no winbind refresh tickets = yes winbind offline logon = yes winbind enum groups = no winbind enum users = no username map = /etc/samba/user.map bind interfaces only = yes interfaces = lo eth0 vfs objects = acl_xattr acl_xattr:default acl style = windows map acl inherit = yes store dos attributes = yes template shell = /bin/false disable netbios = yes client max protocol = SMB3 smb encrypt = desired access based share enum = yes template homedir = /srv/samba/Users/%U obey pam restrictions = yes [Users] path = /srv/samba/Users comment = Share for user home dirs guest ok = no read only = no [Shared] path = /srv/samba/Shared guest ok = no read only = no krb5.conf on file server ------------------------------ [libdefaults] default_realm = REALM.EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = true -- Mason
Rowland Penny
2019-Apr-18 18:09 UTC
[Samba] Windows clients require reboot once a day in order to access mapped drives
On Thu, 18 Apr 2019 10:49:28 -0700 Mason Schmitt via samba <samba at lists.samba.org> wrote:> Hello, > > I hope someone has seen this before and knows what's going on. Given > the time delay between the problem recurring, I'm guessing the issue > lies with Kerberos, but I'm not sure how to verify that or how to > resolve the issue. If you need more info, please let me know. > > Problem: > Each morning, windows users are not able to access their mapped > drives. Once they reboot their computers, they are fine for another > day. >> smb.conf on file server > ---------------------------------- > > [global] > kerberos method = system keytab > workgroup = REALM > security = ads > realm = REALM.EXAMPLE.COMProvided that 'REALM' is really 'DOMAIN' (a single word, 15 characters or less, without a dot), the only thing I would do is to remove the 'kerberos method' line Rowland
Mason Schmitt
2019-Apr-18 20:10 UTC
[Samba] Windows clients require reboot once a day in order to access mapped drives
Hi Rowland,> I hope someone has seen this before and knows what's going on. Given > > the time delay between the problem recurring, I'm guessing the issue > > lies with Kerberos, but I'm not sure how to verify that or how to > > resolve the issue. If you need more info, please let me know. > > > > Problem: > > Each morning, windows users are not able to access their mapped > > drives. Once they reboot their computers, they are fine for another > > day. > > > > > smb.conf on file server > > ---------------------------------- > > > > [global] > > kerberos method = system keytab > > workgroup = REALM > > security = ads > > realm = REALM.EXAMPLE.COM > > Provided that 'REALM' is really 'DOMAIN' (a single word, 15 characters > or less, without a dot)Yes, REALM is actually a 4 letter word (but not "that kind" of 4 letter word...).> , the only thing I would do is to remove the > 'kerberos method' line >I'll try removing that and see what happens. -- Mason
Seemingly Similar Threads
- Windows clients require reboot once a day in order to access mapped drives
- Windows clients require reboot once a day in order to access mapped drives
- Windows clients require reboot once a day in order to access mapped drives
- Unable to contact active directory or verify claim types
- Windows clients require reboot once a day in order to access mapped drives