[Samba] Windows clients connecting to SMB share differently over IP than DNS

Gavin Greenwalt im.thatoneguy at gmail.com
Mon Apr 5 20:15:07 UTC 2021


> Not being a synology user, what does that actually mean ? Does it mean
> that it is impossible to upgrade Samba ?

Yes, since Synology handles all of the config through their DSM web
interface for domain joins and shares they have their own fork of 4.4 with
security patches and features backported.  I spun up an old 2017 Ubuntu VM
with Samba 4.4.5.  Recreated my Synology smb.conf file as closely as I
could and tested that.  Performance was excellent. Looks like it's
something specific to Synology's Samba backpatched fork combined with krb5
and I will follow up with them.  Also why the config files don't have
explicit includes since I imagine that's hard coded into their
distribution.  I assume idmap is similarly being handled through their
fork's domain join system. (And likely causing the problems it would seem)

> the 'winbind enum' lines could be slowing things down.

Would you still have support for Domain users\groups as folder permissions?

> you have an include file
> called smb.netbios.aliases.conf, (you need SMBv1 for netbios), so what
> is in it ?

Looks like it doesn't even exist.

Ok, it looks pretty clearly like whatever the issue is, is completely
isolated to whatever proprietary sauce Synology is doing with the Synology
DSM 6.x distribution.  I feel competent defending Samba's innocence.

Thank you for the expert insights!  I'll try removing the winbind enums
after escalating my Synology support tickets so that they can't blame it on
me for making non-UI configuration changes.  And of course if I learn
anything that's applicable to vanilla Samba I'll report back what I learn
from Synology's support team.

- Gavin


On Thu, Apr 1, 2021 at 11:36 AM Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 01/04/2021 18:51, Gavin Greenwalt wrote:
> > >It might help if the OP did two things:
> > >Upgrade Samba, 4.4.16 is very old and EOL.
> > >Post their smb.conf, at the moment we have no idea how they are running
> > >Samba.
> > >
> > >Rowland
> >
> > Unfortunately I'm locked into 4.4 because that's what Synology is using
> > in DSM.
>
>
> Not being a synology user, what does that actually mean ? Does it mean
> that it is impossible to upgrade Samba ?
>
> >    But my next step will be to spin up a fresh VM of Ubuntu and compare
> > a clean installation of 4.4.16 to see if Synology DSM is somehow
> > introducing the slowdown.
> I would also try a supported version of Samba.
> >
> > smb.conf (sanitized) >
> > [global]
> >          printcap name=cups
> >          winbind enum groups=yes
>
>
> the 'winbind enum' lines could be slowing things down.
>
> >          include=/var/tmp/nginx/smb.netbios.aliases.conf
>
>
> Interesting, you have SMBv1 turned off, but you have an include file
> called smb.netbios.aliases.conf, (you need SMBv1 for netbios), so what
> is in it ?
>
> >          password server=3.3.3.100
>
> You should allow Samba to find the best password server
>
> >          encrypt passwords=yes
> >          admin users=@DOM\Domain Admins,@DOM\Enterprise Admins
> >          min protocol=SMB2_10
> >          security=ads
> >          local master=no
> >          realm=DOMAIN.COM
> >          syno sync dctime=yes
> >          passdb backend=smbpasswd
>
>
> Samba was telling people to not use smbpasswd as the passdb backend way back
> in the 3.x.x days, so why is your Synology device still using it ?
>
>
> >          ldap timeout=60
> >          printing=cups
> >          max protocol=SMB3
> >          winbind enum users=yes
> >          load printers=yes
> >          workgroup=DOM
> >
> > smbinfo.conf >
> > [global]
> >      rpc_server:mdssvc=external
> >      prev domain=DOM
> >      server signing=yes
> >      veto files=
> >      advanced_domain_option=yes
> >      smb2 leases=yes
> >      btrfs clone=no
> >      winbind expand groups=1
> >      register nic=bond1
> >      rpc_daemon:mdssd=fork
> >      enable nt4 enum=no
> >      allow insecure widelinks=no
> >      disable shadow copy=no
> >
> > smb.share.conf >
> > [Share]
> >          recycle bin admin only=yes
> >          ftp disable modify=no
> >          ftp disable download=no
> >          write list=nobody,nobody
> >          browseable=yes
> >          mediaindex=no
> >          hide unreadable=no
> >          win share=yes
> >          enable recycle bin=yes
> >          invalid users=nobody,nobody
> >          read list=nobody,nobody
> >          ftp disable list=no
> >          edit synoacl=yes
> >          valid users=nobody,nobody
> >          writeable=yes
> >          guest ok=yes
> >          path=/volume1/Share
> >          skip smb perm=yes
> >          comment="Share Directory"
> >
> What are 'smbinfo.conf' and 'smb.share.conf' , there doesn't seem to be
> an 'include' for them.
>
> Now the big one, what is doing the ID mapping ? I do not see any 'idmap
> config' or even any 'idmap uid' & 'idmap gid' lines.
>
> Rowland
>
>
>
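
The questions raised in this thread about the posted `[global]` section can be run as a repeatable check against any `smb.conf`. The script below is an added example, not code from the thread or from the Samba project; the function names, finding messages, and the constructed `SAMPLE` (a subset of the sanitized lines quoted above) are assumptions.

```python
import os

# Constructed sample: a subset of the sanitized [global] lines quoted in the thread.
SAMPLE = """\
[global]
        winbind enum groups=yes
        include=/var/tmp/nginx/smb.netbios.aliases.conf
        password server=3.3.3.100
        security=ads
        passdb backend=smbpasswd
        winbind enum users=yes
"""

def parse_global(text):
    """Return (params, includes) for the [global] section of smb.conf text."""
    params, includes, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = " ".join(key.lower().split())      # normalise case and spacing
        if key == "include":
            includes.append(value)
        else:
            params[key] = value
    return params, includes

def audit(text, exists=os.path.exists):
    """Flag the settings questioned in the thread; returns a list of findings."""
    params, includes = parse_global(text)
    findings = []
    for key in ("winbind enum users", "winbind enum groups"):
        if params.get(key, "no").lower() in ("yes", "true", "1"):
            findings.append(f"{key} is enabled (possible slowdown)")
    if params.get("passdb backend", "").lower().startswith("smbpasswd"):
        findings.append("passdb backend is smbpasswd")
    if "password server" in params:
        findings.append("password server is hard-coded")
    if params.get("security", "").lower() == "ads" and not any(
            k.startswith("idmap ") for k in params):
        findings.append("security=ads but no idmap settings present")
    findings += [f"include target missing: {p}" for p in includes if not exists(p)]
    return findings
```

Calling `audit(open("/etc/samba/smb.conf").read())` on a host returns the findings for that file; the `exists` parameter lets the include check be run against a config copied off the device.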

