Web lists-archives.com

Re: [Samba] Windows clients require reboot once a day in order to access mapped drives




>
>
> Forgot to mention, are sure your time sync over AD is working correctly.
> One to add to you list, check times of server and clients, (* yes again,
> if needed just to be sure).
>

Yes, I have double check that time is correctly being synced.

FYI, Rowland, the process outlined in the wiki for using chronyd does not
work on Ubuntu 18.04 (my AD DC is on Ubuntu, but my file server is
CentOS).  I can only successfully sync windows clients with ntpd running on
the DC.  Also, if using apparmor, the default apparmor rules don't work.
Here's what I had to do to get windows clients to successfully sync with my
Ubuntu DC.

# Install ntp (if chrony is installed, this will disable and mask chrony in
systemd)
apt install ntp

# First comment out the default NTP ACLs
sed -i 's/^restrict -/#restrict -/g' /etc/ntp.conf

# Then add some samba specific settings to /etc/ntp.conf
cat << EOF >> /etc/ntp.conf

# Use AD for authenticanting Windows NTP clients
ntpsigndsocket /var/lib/samba/ntp_signd

# Acess control
# Default restriction: Allow clients to only query the time
restrict -4 default kod notrap nomodify nopeer noquery mssntp
restrict -6 default kod notrap nomodify nopeer noquery mssntp

# We're running in a VM, so we need to protect ntpd from waking up
# in a panic, in a situation where a VM has been shutdown for an
# extended period of time
tinker panic 0
EOF

# There is a bug in Ubuntu's apparmor config for ntp, so this fixes it
sed -i /ntp_signd/c'\  /var/lib/samba/ntp_signd/socket rw,'
/etc/apparmor.d/usr.sbin.ntpd
apparmor_parser --replace /etc/apparmor.d/usr.sbin.ntpd

# Set the necessary permissions on the ntp signed socket
chmod 750 /var/lib/samba/ntp_signd
chown root:ntp /var/lib/samba/ntp_signd
systemctl enable ntp.service
systemctl restart ntp.service


# Test to make sure NTP is working
ntpq -p



--
Mason
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba