[Samba] Windows 10 cannot connect without SMB1

K. R. Foley kr at cybsft.com
Mon Mar 1 15:04:51 UTC 2021

On 3/1/21 8:40 AM, Rowland penny via samba wrote:
> On 01/03/2021 13:15, K. R. Foley wrote:
>> On 3/1/21 2:26 AM, Rowland penny via samba wrote:
>>> On 28/02/2021 21:23, K. R. Foley wrote:
>>>> On 2/28/21 2:52 PM, Rowland penny via samba wrote:
>>>>> On 28/02/2021 20:30, K. R. Foley wrote:
>>>>>> Contents of /etc/named.conf
>>>>>> # Global Configuration Options
>>>>>> options {
>>>>>>     # Forward queries that can not be answered from own zones
>>>>>>     # to these DNS servers:
>>>>>> #    forwarders {
>>>>>> #;
>>>>>> #;
>>>>>> #    };
>>>>> Are your clients using something else for their nameserver and if 
>>>>> so, what ?
>>>> No. Currently only this server so I can control everything.
>>>>> If there is another nameserver is this forwarding the AD dns 
>>>>> domain to the DC ?
>>>>> If none of the above applies and you want your clients to have 
>>>>> internet access, uncomment the 'forwarders' lines.
>>>> The client already has access to the internet. The name server on 
>>>> this server acts as a caching name server and resolves names 
>>>> itself. That is why I have the forwarders disabled.
>>> Your DC must be authoritative for the AD dns domain and whilst your 
>>> clients can use another dns server as a caching name server, the 
>>> caching name server must forward anything  for your AD dns domain to 
>>> a DC.
>>> Rowland
>> In case there was any misunderstanding due to my rattling on, the DC 
>> is the only DNS that the client is pointing to. I uncommented the 
>> forwarders section. Still the error persists.
>> kr
> Everything seems okay, just about the only other things I can think of 
> are:
> Is a firewall getting in the way, AD uses a lot more ports than an 
> NT4-style domain.
> How are you starting Samba, You should just be starting the 'samba' 
> daemon which will start any other required daemons.
> Rowland
The firewall is disabled on the client PC. The client and the server are 
on 2 separate subnets separated by a VPN. I am not aware of any 
filtering going on between the two, but I can't say for sure without 
checking. Is there a list of ports somewhere that I can check to make 
sure that they are all being routed over the VPN? I have already checked 
everything that I can see in netstat on the server.

Keep in mind that the client can join the domain fine if I enable SMB1 
on the client. I don't want to use SMB1. That is why I am trying to 
figure this out. The client seems to think that the server is asking for 

Is it possible that I have something else mis-configured on the client?

Are there additional ports that are used by SMB2/3 that are not used by 
SMB1? If so, what are they?


More information about the samba mailing list