Samba, Win10, and Invalid Signature

[greco]

I was trying to figure out how to build samba for freebsd yesterday and got as far as finding the github repo for freenas and this slightly disheartening post (from 2013) https://forums.freenas.org/index.ph...ba-to-latest-release-on-the-same-train.57570/

It will probably take me a while to get "Tooled Up" since it's not my forte, but I would like to try the patch. Given your research, the error could also be originating in kerberos.

I have found at least one other person with similar "10 hour" problem:
https://social.technet.microsoft.co...phic-signature-is-invalid?forum=winserver8gen

Unfortunately, given the same blanket response to errors as if he could not connect at all and no follow-ups.

 

[greco]

Two things to note:

On July 3 of this thread, I posted that I created a Freenas vm that used the internal domain controller (Services -> Domain Controller) and that it worked fine. The other day I set it to use my 'prod' AD and it is still working. Connections are lasting longer than 10 hours.

Yesterday morning, I started a brand new Freenas VM, but this time I directly configured it to use 'prod' AD right away. It's had an open file handle for ~21.5 hours, and so I consider that to also be working.

It really makes no sense to me that these two VMs work fine and the only real difference I can think of is that when I replaced my old FreeNAS v8.2 host version with a brand new machine running v11.1, I reused the hostname and maybe somehow some remnant is causing issues.

I saved the config files from the broken freenas and the 2x VMs that are working. They are sqlite dbs, so I was able to load them up and query the settings and as far as I can tell, the three of them are all nearly identical.

What I'd like to do next is somehow 'unjoin' the broken freenas, make sure it's removed from AD, rename the host, manually kill any kerberos tickets, rejoin it to the AD. I don't really see how to do this in freenas from the GUI so will need to experiment on the VMs.