[Samba] Need help for SMBv2-connection with windows clients

Bombadil bombadil_00 at web.de
Sun May 1 15:21:06 UTC 2022


On Saturday, 30.04.2022 at 18:22 +0100, Rowland Penny via samba wrote:
> On Sat, 2022-04-30 at 18:14 +0200, Bombadil via samba wrote:
> > I have problems getting my Windows 10 client(s) to connect to my
> > Samba-server using SMBv2 or higher, but no problems with SMBv1 (NT1)
> > protocol. I guess this has to do with my AD domain being put on top
> > of my private domain (see configuration below).
> > 
> > I already checked that client and server are communicating, so it
> > does not seem to be primarily a simple DNS issue.
> > 
> > My setup:
> > Domain: example.com
> > AD-Domain(realm): samdom.example.com
> > Network 10.0.2.0/24
> > 
> > Samba AD with FreeBSD 13.0, samba-4.13.17: dc.example.com and
> > dc.samdom.example.com (10.0.2.15)
> > 
> > Windows 10 client: wincli.example.com and wincli.samdom.example.com
> > (10.0.2.53)
> > 
> > example.com is resolved by a dnsmasq-server, which forwards all
> > requests for 'samdom.example.com' to 10.0.2.15 (dc), i.e. in
> > dnsmasq.conf:
> > server=/samdom.example.com/10.0.2.15
> > rebind-domain-ok=/samdom.example.com/
> 
> It looks like all your clients are in the 'example.com' DNS domain
> (and hence in the 'EXAMPLE.COM' realm) and the DC is in the
> 'samdom.example.com' DNS domain (and in the 'SAMDOM.EXAMPLE.COM'
> realm).
> If this is the case, then it isn't going to work.
> 
> Using a subdomain of a registered domain is best practice, so you are
> okay there, but your DC must be authoritative for the subdomain and
> your clients must be members of the subdomain. Whilst you can use an
> external DNS server on your network, all requests for AD records must
> be forwarded to the DC(s) and no AD records can be stored on the
> forwarding DNS server (except for 'cached' records).
> 
> I suggest you rethink your setup.
> 
> Rowland
> 
> 
Thank you for your quick response!

Actually I tried to set them both simply into the example.com DNS-domain
or the samdom.example.com DNS domain, but this does not solve the
problem. I also changed the DNS server on both machines to the DC-DNS
server (10.0.2.15), i.e., the reply is now certainly authoritative, but
still no success.

Is it possible that SMBv2 also performs a reverse lookup? That would
currently result in the example.com-domain, since no PTR-entries are in
the DC-DNS server and then the requests are forwarded to the
dnsmasq-server.

  Helmut
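
The forwarding rule quoted in the thread only covers names under samdom.example.com. The sketch below is an added example, not part of the original messages: it shows which resolver path the AD SRV names and the two hosts' PTR names take under that dnsmasq.conf. The function names and the "default" label are hypothetical, and the matching is a simplified model of dnsmasq's most-specific-domain rule.

```python
import ipaddress

# Constructed from the dnsmasq.conf lines quoted in the thread.
DNSMASQ_CONF = """\
server=/samdom.example.com/10.0.2.15
rebind-domain-ok=/samdom.example.com/
"""
DEFAULT = "default"  # hypothetical label: dnsmasq's own data or its default upstream


def parse_forwards(conf):
    """Map each domain in a server=/domain[/domain...]/upstream line to its upstream."""
    forwards = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line.startswith("server=/"):
            continue
        *domains, upstream = line[len("server=/"):].split("/")
        for domain in domains:
            forwards[domain.lower().rstrip(".")] = upstream
    return forwards


def upstream_for(name, forwards):
    """Walk from the full name to shorter suffixes; the most specific match wins."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in forwards:
            return forwards[suffix]
    return DEFAULT


def report(conf, realm, host_ips):
    """Resolver path for the AD SRV names of `realm` and the PTR names of `host_ips`."""
    forwards = parse_forwards(conf)
    names = [f"_ldap._tcp.{realm}", f"_kerberos._udp.{realm}"]
    names += [ipaddress.ip_address(ip).reverse_pointer for ip in host_ips]
    return {name: upstream_for(name, forwards) for name in names}


if __name__ == "__main__":
    # Addresses of dc and wincli as given in the thread.
    for name, path in report(DNSMASQ_CONF, "samdom.example.com",
                             ["10.0.2.15", "10.0.2.53"]).items():
        print(f"{name:40} -> {path}")
```

The SRV names go to 10.0.2.15, while the in-addr.arpa names match no forwarding rule and stay on the dnsmasq side.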