[Samba] Windows 10 cannot connect without SMB1
K. R. Foley
kr at cybsft.com
Mon Mar 1 15:04:51 UTC 2021
On 3/1/21 8:40 AM, Rowland penny via samba wrote:
> On 01/03/2021 13:15, K. R. Foley wrote:
>>
>> On 3/1/21 2:26 AM, Rowland penny via samba wrote:
>>> On 28/02/2021 21:23, K. R. Foley wrote:
>>>>
>>>> On 2/28/21 2:52 PM, Rowland penny via samba wrote:
>>>>> On 28/02/2021 20:30, K. R. Foley wrote:
>>>>>>
>>>>>> Contents of /etc/named.conf
>>>>>>
>>>>>> # Global Configuration Options
>>>>>> options {
>>>>>>
>>>>>> # Forward queries that can not be answered from own zones
>>>>>> # to these DNS servers:
>>>>>> # forwarders {
>>>>>> # 8.8.8.8;
>>>>>> # 8.8.4.4;
>>>>>> # };
>>>>>>
>>>>>
>>>>> Are your clients using something else for their nameserver and if
>>>>> so, what?
>>>> No. Currently only this server so I can control everything.
>>>>>
>>>>> If there is another nameserver is this forwarding the AD dns
>>>>> domain to the DC?
>>>>>
>>>>> If none of the above applies and you want your clients to have
>>>>> internet access, uncomment the 'forwarders' lines.
>>>>
>>>> The client already has access to the internet. The name server on
>>>> this server acts as a caching name server and resolves names
>>>> itself. That is why I have the forwarders disabled.
>>>
>>>
>>> Your DC must be authoritative for the AD dns domain and whilst your
>>> clients can use another dns server as a caching name server, the
>>> caching name server must forward anything for your AD dns domain to
>>> a DC.
>>>
>>> Rowland
>>>
>> In case there was any misunderstanding due to my rattling on, the DC
>> is the only DNS that the client is pointing to. I uncommented the
>> forwarders section. Still the error persists.
>>
>> kr
>>
>
> Everything seems okay, just about the only other things I can think of
> are:
>
> Is a firewall getting in the way? AD uses a lot more ports than an
> NT4-style domain.
>
> How are you starting Samba? You should just be starting the 'samba'
> daemon which will start any other required daemons.
>
> Rowland
>
The firewall is disabled on the client PC. The client and the server are
on 2 separate subnets separated by a VPN. I am not aware of any
filtering going on between the two, but I can't say for sure without
checking. Is there a list of ports somewhere that I can check to make
sure that they are all being routed over the VPN? I have already checked
everything that I can see in netstat on the server.

Keep in mind that the client can join the domain fine if I enable SMB1
on the client. I don't want to use SMB1. That is why I am trying to
figure this out. The client seems to think that the server is asking for
SMB1.

Is it possible that I have something else mis-configured on the client?
Are there additional ports that are used by SMB2/3 that are not used by
SMB1? If so, what are they?

kr