[Samba] clients not connecting to samba shares

Rowland Penny rpenny at samba.org
Tue Apr 11 08:15:13 UTC 2023 


On 11/04/2023 00:19, Gary Dale via samba wrote:
> On 2023-04-05 09:56, Gary Dale via samba wrote:
>> On 2023-04-04 19:36, Gary Dale via samba wrote:
>>> On 2023-04-02 02:49, Rowland Penny via samba wrote:
>>>>
>>>>
>>>> On 02/04/2023 04:54, Gary Dale via samba wrote:
>>>>
>>>>> I could, but that seems like overkill. A complete second (virtually 
>>>>> identical) system to administer and update just to hive off the 
>>>>> authentication task.
>>>>>
>>>>
>>>> To be honest, I would run two DC's just for authentication and other 
>>>> Samba machines as Unix domain members.
>>>>
>>>> However, I cannot force you to do anything, all I can do is advise 
>>>> you of best practices, neither Samba or Microsoft recommend using a 
>>>> DC for anything other than authentication.
>>>>
>>>> Rowland
>>>>
>>> I've set up a Debian/Stable VM with the backports in a minimal 
>>> install. Then I added an ssh server and connected to it (so I can cut 
>>> & paste to the Konsole session), and did the Debian 
>>> distribution-specific installation.

What 'Debian distribution-specific' installation did you follow ?

>>> I removed the installer's 
>>> smb.conf and ran the interactive provisioning.  TheLibrarian is 
>>> already a
>>>
>>> I then figured I'd try the Create a reverse zone but that failed:
>>>
>>> # samba-tool dns zonecreate  DC1 1.168.192.in-addr.arpa -U Administrator
>>> Failed to connect host 192.168.1.13 on port 135 - 
>>> NT_STATUS_CONNECTION_REFUSED
>>> Failed to connect host 192.168.1.13 (DC1) on port 135 - 
>>> NT_STATUS_CONNECTION_REFUSED.
>>> ERROR: Connecting to DNS RPC server DC1 failed with (3221226038, 'The 
>>> transport-connection attempt was refused by the remote system.')
>>>
>>> The message shows that the DC1 name resolved properly. I'm not aware 
>>> of anything blocking port 135 - this is a clean install to a new VM. 
>>> Any ideas on what's going on?
>>>
>> Nevermind. I redid the entire process and got it to work this time.
>>
> So now I've got a separate DC and file server working - except that the 
> domain controller seems hard to contact. I keep getting error messages 
> such as "The specified domain either does not exist or cannot be 
> contacted". This is when I'm trying to do things in Windows - and apart 
> from being able to connect to a Samba share as Administrator (but not 
> see the files), I can't do anything.
> 
> I'm looking around in the DNS backend for why.
> 
>> # samba-tool dns zonelist DC1 -U administrator
>> Password for [HOME\administrator]:
>>  4 zone(s) found
>>
>>  pszZoneName                 : 1.168.192,in-addr.rapa
>>  Flags                       : DNS_RPC_ZONE_DSINTEGRATED 
>> DNS_RPC_ZONE_UPDATE_SECURE
>>  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>>  Version                     : 50
>>  dwDpFlags                   : DNS_DP_AUTOCREATED 
>> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
>>  pszDpFqdn                   : DomainDnsZones.home.rahim-dale.org
>>
>>  pszZoneName                 : 1.168.192.in-addr.arpa
>>  Flags                       : DNS_RPC_ZONE_DSINTEGRATED 
>> DNS_RPC_ZONE_UPDATE_SECURE
>>  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>>  Version                     : 50
>>  dwDpFlags                   : DNS_DP_AUTOCREATED 
>> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
>>  pszDpFqdn                   : DomainDnsZones.home.rahim-dale.org
>>
>

Do you actually have two reverse zones, one called 
'1.168.192,in-addr.rapa' and another called '1.168.192.in-addr.arpa' ?

If you do, I would remove '1.168.192,in-addr.rapa'

Rowland

More information about the samba mailing list