[Samba] Need help for SMBv2-connection with windows clients

Rowland Penny rpenny at samba.org
Sat Apr 30 17:22:56 UTC 2022

On Sat, 2022-04-30 at 18:14 +0200, Bombadil via samba wrote:
> I have problems getting my Windows 10 client(s) to connect to my
> Samba-
> server using SMBv2 or higher, but no problems with SMBv1 (NT1)
> protocol. I guess this is has to do with my AD domain being put on
> top
> of my private domain (see configuration below).
> I already checked that client and server are communicating, so it
> does
> not seem to be primarily a simple DNS issue.
> My setup:
> Domain: example.com
> AD-Domain(realm): samdom.example.com
> Network
> Samba AD with FreeBSD 13.0, samba-4.13.17: dc.example.com and
> dc.samdom.example.com (
> Windows 10 client: wincli.example.com and wincli.samdom.example.com
> (
> example.com is resolved by a dnsmasq-server, which forwards all
> request
> for 'samdom.example.com' to (dc), i.e. in dnsmasq.conf:
> server=/samdom.example.com/
> rebind-domain-ok=/samdom.example.com/

It looks like all your clients are in the 'example.com' DNS domain (and
hence in the 'EXAMPLE.COM' realm) and the DC is in the
'samdom.example.com' DNS domain (and in the 'SAMDOM.EXAMPLE.COM realm).
If this is the case, then it isn't going to work.

Using a subdomain of a registered domain is best practice, so you are
okay there, but your DC must be authoritative for the subdomain and
your clients must be members of the subdomain. Whilst you can use an
external DNS server on your network, all requests for AD records must
be forwarded to the DC(s) and no AD records can be stored on the
forwarding dns server (except for 'cached' records).

I suggest you rethink your setup.


More information about the samba mailing list