[Samba] Can't access to \\ip and some cname after migration from samba 3 to samba 4.4.5

Wed Nov 2 20:52:05 UTC 2016

hi,

It seems that the problem was lastlogofff atribute, in some users this
attribute was filled with an old timestamp 2008, I t seems an old value
from nt migration

thanks for all

2016-11-01 19:37 GMT+01:00 Trenta sis <trenta.sis at gmail.com>:

> hi gaiseric,
>
> I have configured client with dhcp with same results and also disabled
> netbios in networking, in client and server, to enforce 445 but without
> success error persist...
> about regedit keys, doesn't exist boths machines, client and server, are
> windows 2003
> I have made some additional tests and I have detected an strange situation
> same machine with one user fails to use \\ip and from same machine wit
> another user works....?? at this moment 2 users failing and more than 20
> working....
> very strange... I don't know where is the problem and how to find...
>
> thanks
>
>
> Are the clients using static IP addresses (or DHCP reservations with DNS
> names?) Maybe server is trying to do a reverse DNS lookup on clients. Can
> you do a tcpdump or similar - watch a connection from a client machine
> using server name, then watch from the same client using IP. What ports are
> open on the server? In the past, packet captures would show windows PC's
> connecting on port 445 (CIFS/SMB over tcp/ip) then reconnect on port 139
> (netbios over tcp/ip) . (This was with a classic domain so 445 should not
> have been used but disabling it would cause problems.) Maybe clients are
> still trying to connect to port 139 which would not longer be relevant
> port. Are you running windows 7 ? With classic domains, you had to change
> make some registry changes https://wiki.samba.org/index.
> php/Required_Settings_for_Samba_NT4_Domains Windows Registry Editor
> Version 5.00 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
> "DomainCompatibilityMode"=dword:00000001 "DNSNameResolutionRequired"=dword:00000000
> Does removing those changes make a difference ?
>
> 2016-10-30 20:08 GMT+01:00 Trenta sis <trenta.sis at gmail.com>:
>
>> Hi,
>>
>> I'll try to give information asked in preious messages:
>> - We have only one samba Domain controller and one dns (bind in same
>> samba server)
>> - Our domain doesn't have any .local
>> - avahi is not running and we use debian lenny
>> - This is a samba 4 AD domain, migrated form samba 3 nt domain using
>> classic upgrade as it is described in samba wiki
>> - problem is reported in lan network, is not a remote user
>> - Detected that for some users work in same machien taht on other is not
>> working, searched differences, but wihout success...
>>
>> Not sure about message smb2, I think that is not the problem is a windows
>> 2003 server and smb2 is not used in windows 2003... I think...
>>
>> Any suggestions about what bould be the problem?
>>
>> Thanks
>>
>>
>> 2016-10-27 22:40 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>>
>>> hi,
>>>
>>> error message when we try to connect with \\IP with dc available "no
>>> network provider accepted the given network path"
>>>
>>> 2016-10-27 22:34 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>>>
>>>> hi rowland,
>>>>
>>>> after migration one of past migration tasks were generare reverse zone
>>>> and add alla and ptr manually.
>>>> I have made some additional tests and seemsthat if we shutdown samba
>>>> domain controller or  disconnect network then we can access with \\ip with
>>>> two domain members server, and then if we reconnect network in samba ad
>>>> server we reproduces error with \\ip
>>>>
>>>>
>>>> any solution?
>>>>
>>>> thanks
>>>>
>>>> 2016-10-26 17:53 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> Recently we have migrated from samba 3 nt domain to samba 4 AD (4.4.5)
>>>>> and we have detected that some applications are not working correctly, this
>>>>> applications need to access to \\ip resource, with name works, but we have
>>>>> some applications that needs to work only by ip
>>>>> Also detected this problem with some cname in dns are not responding
>>>>> we use bind9 + dlz, and we if we access from \\name works... what could be
>>>>> the problem... I have tried to update windows (windows 2003) to latest
>>>>> updates, reinstall some updates that can generate the problems but without
>>>>> success.. and I don't know how to solve this issue
>>>>>
>>>>>
>>>>> For problems with cname and some name seems that if in LOGON machines
>>>>> (allowed) we define only some machine then some cname fails, tried to add
>>>>> samba server, \\cname... without success, only if we disable logon machines
>>>>> (allow all) then this works...
>>>>>
>>>>> About \\ip any workaround is found... any solution?
>>>>>
>>>>> Before migration all was working correctly, and we doesn't have added
>>>>> any gpo or any other special change, only migrat from samba nt to samba 4
>>>>> ad 4.4.5...
>>>>>
>>>>> Anybody can help with both errors?
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>