Thanks for you suggestion, I will implement it.
I have also noted the following error in the WB logs:
[2020/12/28 09:36:04.866692,? 0]
../source3/librpc/crypto/gse.c:541(gse_get_client_auth_token)
? gse_get_client_auth_token: gss_init_sec_context failed with [
Miscellaneous failure (see text): TGT has been revoked](2529638932)
[2020/12/28 09:36:04.866805,? 5]
../auth/gensec/gensec.c:492(gensec_update_done)
? gensec_update_done: gse_krb5[8a142b8]: NT_STATUS_LOGON_FAILURE
Do you know if it could be related to my issue and if it could be an
issue in the Windows DC?
Thanks
Andrea Cucciarre'
On 12/28/2020 11:21 AM, Rowland penny via samba wrote:> On 28/12/2020 09:39, Andrea Cucciarre' via samba wrote:
>> Hello,
>>
>> my Samba share was working perfectly and then suddenly was not
>> available to windows client.
>> The Samba server is a Domain member and the command "wbinfo
-u" and
>> "getent passwd" returned no AD users.
>> The service has been recovered merely by restarting the winbindd
service
>> We are running Samba 4.9.5 and my smb.conf is as below, I have also
>> pasted some (relevant?) logs
>> Are you aware of any known issue or miss-configuration?
>
> You can remove these lines from your smb.conf, they have no effect
> with the winbind backends you are using:
>
> idmap config * : schema_mode = rfc2307
> idmap config MERCURIA : schema_mode = rfc2307
>
> You are shooting yourself in the foot, not only do you have 'winbind
> enum' lines (which you definitely do not require), you also have
> 'winbind expand groups = 10', this will work poor old winbind to
death
> ? I suggest you remove those lines.
>
> Rowland
>
>