[Samba] File server joined to a samba domain accessed by windows 10-11 clients, works via ip no via dns name

Travis Wenks travis at rosecitysolutions.com
Tue Dec 6 22:48:58 UTC 2022


I'm sorry guys I don't mean to spam the group.
I logged back into the pc after rejoining.
Attempted to access the share again via ip works fine
via fqdn still fails.
I could not find any logs on the Synology correlating to my attempts to
access file shares


Travis Wenks
Rose City Solutions
travis at rosecitysolutions.com
503-821-7000


On Tue, Dec 6, 2022 at 2:25 PM Travis Wenks <travis at rosecitysolutions.com>
wrote:

> OK I am scratching my head here..
>
> I mistakenly said user account, I intended to say the computer account.
>
> The workstation would not join and reuse the computer account.
> After deleting this in AD I was able to join with no problems.
>
> Are we saying the kerberos ticket is bad and needs to be re-created?
> Would this be to the upgrade from 4.16 to 4.17?
> Also is the solution to remove the computer account and rejoin the pc's?
>
>
> Travis Wenks
> Rose City Solutions
> travis at rosecitysolutions.com
> 503-821-7000
>
>
> On Tue, Dec 6, 2022 at 2:09 PM Travis Wenks <travis at rosecitysolutions.com>
> wrote:
>
>> Interesting...
>>
>> I left the domain and did not delete the user account and I go this
>>
>>
>> The domain name "NET" might be a NetBIOS domain name.  If this is the
>> case, verify that the domain name is properly registered with WINS.
>>
>> If you are certain that the name is not a NetBIOS domain name, then the
>> following information can help you troubleshoot your DNS configuration.
>>
>> An error occurred when DNS was queried for the service location (SRV)
>> resource record used to locate an Active Directory Domain Controller (AD
>> DC) for domain "NET".
>>
>> The error was: "No records found for given DNS query."
>> (error code 0x0000251D DNS_INFO_NO_RECORDS)
>>
>> The query was for the SRV record for _ldap._tcp.dc._msdcs.NET
>>
>> I went into dns and this record _ldap._tcp.dc._msdcs.NET.domain-name.com
>> does exist
>> Additionally I checked the dns records on the workstation are pointed at
>> the dc's and internet is working.
>>
>> I am going try and join another workstation in our lab.
>>
>> Travis Wenks
>> Rose City Solutions
>> travis at rosecitysolutions.com
>> 503-821-7000
>>
>>
>> On Tue, Dec 6, 2022 at 1:25 PM Rowland Penny via samba <
>> samba at lists.samba.org> wrote:
>>
>>>
>>>
>>> On 06/12/2022 20:58, Travis Wenks via samba wrote:
>>> > Hi all,
>>> > First, thank you for such an amazing project!
>>> >
>>> > Second an apology for an extremely long post, I tried to add all the
>>> info I
>>> > could think of so this is a quick fix!
>>> >
>>> > I support multiple client sites that we built samba dc’s from source.
>>> >
>>> > I wrote a quick script to update our client dc’s. As it has no sanity
>>> > checks or safety’s to not destroy data I will not post a functional
>>> copy of
>>> > it here. If anyone would like it I would be glad to email it to anyone
>>> who
>>> > wants it.
>>> >
>>> > Here is the issue, we started updating 5 sites and once those were
>>> done we
>>> > started getting reports of network drives failing.
>>> >
>>> > If a user is in a group and that group defines the permissions to
>>> access a
>>> > share they cannot access it. If the ip address is used it works fine.
>>> >
>>> > So if a user is a member of a group this is the behavior,
>>> >
>>> > \\file-server.domain\share
>>> > Fails
>>> > \\file-server\share
>>> > Fails also, but
>>> > \\ip-of-file-server\share
>>> > works fine
>>> >
>>>
>>> Sounds like kerberos is failing, but NTLM is working. Try getting the
>>> windows machine to leave the domain and rejoin, this will rewrite the
>>> machines kerberos ticket.
>>>
>>> Have you considered using Debian ? Bullseye now comes with Samba 4.17.3
>>> from backports, this will save you having to build it yourself.
>>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>


More information about the samba mailing list