Web lists-archives.com

Re: [Samba] Windows clients require reboot once a day in order to access mapped drives




Hi Mason,

On 30.04.2019 19:41, Mason Schmitt wrote:
Hi Viktor,

    I didn't go through all the conversations and I'm not sure if this will
    be of any help, I just wanted to inform that I've been using mapped
    drives with Windows 10 for ages and never had the problems you
    described. I also never added or changed the "smb encrypt" option. My
    Samba file server (AD member) was set up pretty much the way as is
    described in the official Wiki and it just works. I can confirm this
    for
    several versions from Samba 4.2.x to 4.9.x. And I never changed
    anything
    in the Windows 10 registry either.


Would you be willing to share your config files?  I'd be curious to see what's different between yours and mine.

Probably having the smb.conf and krb5.conf files from both a samba DC and file server would be helpful.


Sure, here you go:

For the DC:

/etc/samba/smb.conf
--------------------

[global]
        workgroup = SAMDOM
        realm = SAMDOM.EXAMPLE.COM
        netbios name = DC1
        server role = active directory domain controller
        dns forwarder = 8.8.8.8
        idmap_ldb:use rfc2307 = yes
        interfaces = eth0
        bind interfaces only = Yes

[netlogon]
        path = /var/lib/samba/sysvol/samdom.example.com/scripts
        read only = No
        write ok = Yes
        acl_xattr:ignore system acls = yes

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No
        write ok = Yes
        acl_xattr:ignore system acls = yes


/etc/krb5.conf
--------------

default_realm = SAMDOM.EXAMPLE.COM
        dns_lookup_realm = false
        dns_lookup_kdc = true


For the domain member (krb5.conf same as on DC)

/etc/samba/smb.conf
-------------------
[global]

  netbios name = FILESERVER
  workgroup = SAMDOM
  security = ADS
  realm = SAMDOM.EXAMPLE.COM
  dedicated keytab file = /etc/krb5.keytab
  kerberos method = secrets and keytab

  username map = /etc/samba/samba_usermap

  idmap config *:backend = tdb
  idmap config *:range = 2000-9999
  idmap config SAMDOM:backend = ad
  idmap config SAMDOM:schema_mode = rfc2307
  idmap config SAMDOM:range = 10000-99999
  idmap config SAMDOM:unix_nss_info = yes

  winbind use default domain = yes
  winbind enum users  = yes
  winbind enum groups = yes
  winbind refresh tickets = Yes

  vfs objects = acl_xattr
  map acl inherit = Yes
  store dos attributes = Yes

  load printers = no
  printing = bsd
  printcap name = /dev/null
  disable spoolss = yes

[exampleshare]
  path = /srv/samba/exampleshare
  comment = "Example Data"
  writeable = yes

These particular files are on Samba 4.9.4, clients are Win10.

Just fyi, I have a second installation where I'm not using keytabs on
the member and it works just as well.

Viktor

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba