[Samba] File server joined to a samba domain accessed by windows 10-11 clients, works via ip not via dns name

Travis Wenks travis at rosecitysolutions.com
Wed Dec 7 14:45:29 UTC 2022


Hi all

I tested with Synology version 6.x in our lab and it works.
I tested with 7.1 with and without the SMB patch and it does not work.
Ping is good with short name and FQDN.
We do use DHCP option 015 with the domain name, e.g. for our lab
net.rosecitysolutions.com
Time is synced, kinit and klist work from the Synology as well as the
DCs.
I have run kinit test-file-share-user then klist and I get a valid ticket
on all servers.

Is there a way to ask for members of a group via Kerberos?

I agree there was some change in DSM 7.x and Samba 4.17 that made it not
work.
Samba documentation on troubleshooting is kind of slim.
Also I had to guess on the proper setup for krb5.conf and I cannot find
any documentation on how to test if it's working in a multi DC environment.
Is that something that can be added to the wiki, or if I am bad at
searching please point me at the correct file.



Travis Wenks
Rose City Solutions
travis at rosecitysolutions.com
503-821-7000


On Wed, Dec 7, 2022 at 6:26 AM Ingo Asche via samba <samba at lists.samba.org>
wrote:

> Hi Rowland,
>
> yes, all checked...
>
> This error comes only in one combination: Windows to Synology DSM 7.1.1
> via device name and share rights via group.
>
> Windows to Synology DSM 6.2.4 > works
> Windows to member server Samba 4.17.3 > works
> Linux to DSM 7.1.1 via autofs > works
> Linux to member server > works.
>
> Every other service I use with Samba (e.g. LDAP for authentication) works.
>
> And this happened first after updating Samba 4.16.6 to Samba 4.17.3 via
> Debian backports.
>
> So I would second you: The problem lies with Synology.
>
> Or do you have a hint what changed between Samba 4.16 and 4.17 that may
> have caused this?
>
> Regards
> Ingo
> https://github.com/WAdama
>
> Rowland Penny via samba schrieb am 07.12.2022 um 15:09:
> >
> >
> > On 07/12/2022 13:42, Ingo Asche via samba wrote:
> >> By the way: Just checked accessing one of the shares via IP. It's the
> >> same as in your case: The share opens.
> >>
> >> Never checked that...
> >>
> >
> > I take it that all the obvious culprits have been checked:
> >
> > DNS; Can you ping the synology device by name ?
> >      Can you ping from the Synology device
> >
> > Time: is the time correct ?
> >
> > This all sounds like a dns problem or a kerberos problem caused by dns.
> >
> > When you try to connect using the name, kerberos will be used, but it
> > falls back to NTLM if the IP address is used. You need dns for kerberos
> > to work.
> >
> > Rowland
> >
> >
> >
> >
>
>
>
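
Added example, not part of the thread and not Samba or Synology code: a small Python check of the DNS records the name-based (Kerberos) path relies on, covering the multi-DC case asked about above by requiring every KDC advertised in the realm's SRV record to resolve. The zone data, host names and addresses are constructed for illustration, and the functions read records from dictionaries rather than querying a live resolver.

```python
import ipaddress

def first_auth_attempt(target):
    """Mechanism tried first for a share path, as described in the thread:
    a host name leads to Kerberos, a bare IP address falls back to NTLM."""
    try:
        ipaddress.ip_address(target)
        return "NTLM"
    except ValueError:
        return "Kerberos"

def check_kerberos_dns(fqdn, realm, a, ptr, srv):
    """Return DNS inconsistencies worth fixing before debugging Kerberos further.

    a:   name -> list of IP strings     (forward zone)
    ptr: IP   -> name                   (reverse zone)
    srv: SRV owner name -> list of KDC host names
    """
    problems = []
    addrs = a.get(fqdn.lower(), [])
    if not addrs:
        problems.append(f"no A record for {fqdn}")
    for ip in addrs:
        # The reverse record should point back at the same name.
        back = ptr.get(ip)
        if back is None:
            problems.append(f"no PTR record for {ip}")
        elif back.lower() != fqdn.lower():
            problems.append(f"PTR for {ip} is {back}, expected {fqdn}")
    owner = f"_kerberos._tcp.{realm.lower()}"
    kdcs = srv.get(owner, [])
    if not kdcs:
        problems.append(f"no SRV record {owner}")
    for kdc in kdcs:  # multi-DC: every advertised KDC must resolve
        if not a.get(kdc.lower()):
            problems.append(f"KDC {kdc} from {owner} has no A record")
    return problems

# Constructed sample zone data (names and addresses are made up for this example).
REALM = "LAB.EXAMPLE"
A = {"nas1.lab.example": ["192.0.2.20"],
     "dc1.lab.example": ["192.0.2.10"]}
PTR = {"192.0.2.20": "nas1-old.lab.example"}
SRV = {"_kerberos._tcp.lab.example": ["dc1.lab.example", "dc2.lab.example"]}

if __name__ == "__main__":
    for target in ("nas1.lab.example", "192.0.2.20"):
        print(target, "->", first_auth_attempt(target))
    for problem in check_kerberos_dns("nas1.lab.example", REALM, A, PTR, SRV):
        print("problem:", problem)
```

To run it against a real domain, fill the three dictionaries from the output of your DNS lookup tool of choice for the file server, its address, and the realm's `_kerberos._tcp` SRV record.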

