Web lists-archives.com

Re: [Samba] Windows clients require reboot once a day in order to access mapped drives




On Thu, 25 Apr 2019 10:34:24 -0700
Mason Schmitt <mason@xxxxxxxxxxxxxxxx> wrote:

> >
> >
> > Forgot to mention, are sure your time sync over AD is working
> > correctly. One to add to you list, check times of server and
> > clients, (* yes again, if needed just to be sure).
> >  
> 
> Yes, I have double check that time is correctly being synced.
> 
> FYI, Rowland, the process outlined in the wiki for using chronyd does
> not work on Ubuntu 18.04 (my AD DC is on Ubuntu, but my file server is
> CentOS).  I can only successfully sync windows clients with ntpd
> running on the DC.  Also, if using apparmor, the default apparmor
> rules don't work. Here's what I had to do to get windows clients to
> successfully sync with my Ubuntu DC.
> 
> # Install ntp (if chrony is installed, this will disable and mask
> chrony in systemd)
> apt install ntp
> 
> # First comment out the default NTP ACLs
> sed -i 's/^restrict -/#restrict -/g' /etc/ntp.conf
> 
> # Then add some samba specific settings to /etc/ntp.conf
> cat << EOF >> /etc/ntp.conf
> 
> # Use AD for authenticanting Windows NTP clients
> ntpsigndsocket /var/lib/samba/ntp_signd
> 
> # Acess control
> # Default restriction: Allow clients to only query the time
> restrict -4 default kod notrap nomodify nopeer noquery mssntp
> restrict -6 default kod notrap nomodify nopeer noquery mssntp
> 
> # We're running in a VM, so we need to protect ntpd from waking up
> # in a panic, in a situation where a VM has been shutdown for an
> # extended period of time
> tinker panic 0
> EOF
> 
> # There is a bug in Ubuntu's apparmor config for ntp, so this fixes it
> sed -i /ntp_signd/c'\  /var/lib/samba/ntp_signd/socket rw,'
> /etc/apparmor.d/usr.sbin.ntpd
> apparmor_parser --replace /etc/apparmor.d/usr.sbin.ntpd
> 
> # Set the necessary permissions on the ntp signed socket
> chmod 750 /var/lib/samba/ntp_signd
> chown root:ntp /var/lib/samba/ntp_signd
> systemctl enable ntp.service
> systemctl restart ntp.service
> 
> 
> # Test to make sure NTP is working
> ntpq -p

Louis, you use Ubuntu 18.04, can you confirm this ? (note to Mason: I
do not disbelieve you, I just need confirmation before changing the
wiki, I do not use Ubuntu so cannot confirm the changes)

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba