Web lists-archives.com

[Samba] Samba file sharing with AD authentication doesn't work on some boxes




I have a few RHEL7 boxes, all of them are members in MS Win domain using
SSSD. All of these linuxes run Samba for file sharing with the same config.
Usually it works nice, but from time to time users cannot map Samba
folders, with the following message in the log:


[2017/03/07 14:58:27.050493,  0]
../source3/auth/auth_domain.c:121(connect_to_domain_password_server)

  connect_to_domain_password_server: unable to open the domain client
session to machine DC03.example.LOCAL. Error was : NT_STATUS_ACCESS_DENIED.

[2017/03/07 14:58:27.050756,  0]
../source3/auth/auth_domain.c:184(domain_client_validate)

  domain_client_validate: Domain password server not available.


"From time to time" - i.e., sometimes certain Samba box is broken for a
long time, sometime some box is stopping to work for some time.

Unfortunately, I cannot blame MS Win admins because in the same time some
Samba boxes are OK when others are broken. Any ideas?


My Samba is samba-4.4.4-12.el7_3.x86_64, config is


security = ADS

passdb backend = tdbsam

realm = EXAMPLE.LOCAL

password server = x.x.x.x y.y.y.y


Any ideas?


Thank you,

Vitaly
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba