
Re: [Samba] Windows clients require reboot once a day in order to access mapped drives




I'll fire up the Ubuntu test VM..
Report back later..
I.. Need... More... Coffee.....First  ;-)

Greetz, 

Louis



> -----Original message-----
> From: Rowland Penny [mailto:rpenny@xxxxxxxxx]
> Sent: Thursday 25 April 2019 20:08
> To: samba@xxxxxxxxxxxxxxx
> CC: L.P.H. van Belle
> Subject: Re: [Samba] Windows clients require reboot once a day in order to access mapped drives
> 
> On Thu, 25 Apr 2019 10:34:24 -0700
> Mason Schmitt <mason@xxxxxxxxxxxxxxxx> wrote:
> 
> > >
> > >
> > > Forgot to mention, are you sure your time sync over AD is working
> > > correctly? One to add to your list: check times of server and
> > > clients (* yes again, if needed, just to be sure).
> > >
> >
> > Yes, I have double checked that time is correctly being synced.
> >
> > FYI, Rowland, the process outlined in the wiki for using chronyd does
> > not work on Ubuntu 18.04 (my AD DC is on Ubuntu, but my file server is
> > CentOS).  I can only successfully sync Windows clients with ntpd
> > running on the DC.  Also, if using AppArmor, the default AppArmor
> > rules don't work. Here's what I had to do to get Windows clients to
> > successfully sync with my Ubuntu DC.
> > 
> > # Install ntp (if chrony is installed, this will disable and mask
> > # chrony in systemd)
> > apt install ntp
> > 
> > # First comment out the default NTP ACLs
> > sed -i 's/^restrict -/#restrict -/g' /etc/ntp.conf
> > 
> > # Then add some samba specific settings to /etc/ntp.conf
> > cat << EOF >> /etc/ntp.conf
> > 
> > # Use AD for authenticating Windows NTP clients
> > ntpsigndsocket /var/lib/samba/ntp_signd
> >
> > # Access control
> > # Default restriction: Allow clients to only query the time
> > restrict -4 default kod notrap nomodify nopeer noquery mssntp
> > restrict -6 default kod notrap nomodify nopeer noquery mssntp
> > 
> > # We're running in a VM, so we need to protect ntpd from waking up
> > # in a panic, in a situation where a VM has been shutdown for an
> > # extended period of time
> > tinker panic 0
> > EOF
> > 
> > # There is a bug in Ubuntu's apparmor config for ntp, so this fixes it
> > sed -i /ntp_signd/c'\  /var/lib/samba/ntp_signd/socket rw,' /etc/apparmor.d/usr.sbin.ntpd
> > apparmor_parser --replace /etc/apparmor.d/usr.sbin.ntpd
> > 
> > # Set the necessary permissions on the ntp signed socket
> > chmod 750 /var/lib/samba/ntp_signd
> > chown root:ntp /var/lib/samba/ntp_signd
> > systemctl enable ntp.service
> > systemctl restart ntp.service
> > 
> > 
> > # Test to make sure NTP is working
> > ntpq -p
> 
> Louis, you use Ubuntu 18.04, can you confirm this? (note to Mason: I
> do not disbelieve you, I just need confirmation before changing the
> wiki, I do not use Ubuntu so cannot confirm the changes)
> 
> Rowland
> 
> 
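
The procedure quoted above changes three things on the DC: `/etc/ntp.conf`, the AppArmor profile for ntpd, and the permissions on the signing socket directory. The following read-only audit of those three is an added example, not code from the thread or the Samba wiki; the function names and the three-argument invocation are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit what the quoted procedure changes.
# Usage: sh audit.sh /etc/ntp.conf /etc/apparmor.d/usr.sbin.ntpd /var/lib/samba/ntp_signd

# Print one line per problem in an ntp.conf; return 1 if any was found.
check_ntp_conf() {
    conf=$1; bad=0
    grep -Eq '^[[:space:]]*ntpsigndsocket[[:space:]]+/' "$conf" ||
        { echo "no ntpsigndsocket directive"; bad=1; }
    for fam in 4 6; do
        # Commented-out lines ("#restrict -4 ...") deliberately do not match.
        line=$(grep -E "^[[:space:]]*restrict[[:space:]]+-$fam[[:space:]]+default" "$conf" |
               tail -n 1 | tr -s '[:space:]' ' ')
        [ -n "$line" ] || { echo "no active 'restrict -$fam default' line"; bad=1; continue; }
        for flag in kod notrap nomodify nopeer noquery mssntp; do
            case " $line " in
                *" $flag "*) ;;
                *) echo "restrict -$fam default lacks $flag"; bad=1 ;;
            esac
        done
    done
    return "$bad"
}

# Check that the AppArmor profile lets ntpd read and write the signing socket.
check_apparmor_rule() {
    grep -Eq '^[[:space:]]*/var/lib/samba/ntp_signd/socket[[:space:]]+rw,' "$1" ||
        { echo "profile lacks '/var/lib/samba/ntp_signd/socket rw,'"; return 1; }
}

# Check that the socket directory is mode 750 with the expected owner and group.
check_signd_dir() {
    dir=$1; owner=$2; group=$3; bad=0
    set -- $(ls -ld "$dir")    # $1 = mode string, $3 = owner, $4 = group
    case $1 in
        drwxr-x---*) ;;
        *) echo "$dir has mode $1, expected drwxr-x---"; bad=1 ;;
    esac
    [ "$3" = "$owner" ] && [ "$4" = "$group" ] ||
        { echo "$dir is owned by $3:$4, expected $owner:$group"; bad=1; }
    return "$bad"
}

if [ $# -eq 3 ]; then
    rc=0
    check_ntp_conf "$1" || rc=1
    check_apparmor_rule "$2" || rc=1
    check_signd_dir "$3" root ntp || rc=1
    exit "$rc"
fi
```
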

