[Samba] Laptops unable to access Windows SMB share
Rowland Penny
rpenny at samba.org
Thu Jan 23 09:46:13 UTC 2025
On Wed, 22 Jan 2025 22:04:31 +0000
Stephen Brandli via samba <samba at lists.samba.org> wrote:
> Long-time Samba user. Love it!
>
> I have a dozen or so computers accessing several file (SMB) shares.
> All but two are in fixed locations. Some of those have fixed IPs,
> the rest DHCP IPs but they don't move between subnets. The last two,
> both laptops, are the problem. They move back and forth between two
> subnets.
>
> Specifically:
>
> There are three relevant subnets. I'll call them Secure 1, Secure 2,
> and Unsecure 2. Secure 1 and Secure 2 are connected via a VPN, and
> Secure 2 and Unsecure 2 are connected via a firewall. The firewall
> does not NAT. The other clients are on Secure 1 and Secure 2. The
> laptops move between Secure 1 and Unsecure 2.
>
> To simplify things, there are two servers on Secure 1: one Samba
> (4.9.5-I know, old), and a Windows 10 up-to-date and acting as a
> server.
>
> There are two domains: D1 and D2 (all Samba 4.13.13). D1 is centered
> at Secure 1 and D2 at Secure 2. D1 and D2 have an external trust
> relationship. Domain controllers for both domains in both Secure 1
> and Secure 2. The two servers on Secure 1 are in D1. The laptops
> are in D2.
>
> All the computers except the laptops-including computers on Secure 1
> in D1, and Secure 2 in D2, access both the Samba and Windows servers
> fine (file shares). The two laptops access the Samba file share just
> fine whether they are in Secure 1 or Unsecure 2. The laptops can
> access another service (Sql Server) on the Windows server without
> problem no matter where they are (demonstrating connectivity).
>
> Two problems:
>
>
> 1. When at Unsecure 2, the laptops will not update their DNS
> records for D2. For purposes of working on problem #2 (next), I
> added A records manually to D2. 2. When at Unsecure 2, the laptops
> will not access the Windows server's file share. Remember they will
> access the Samba file server on the same subnet, Secure 1. The error
> says it can't find the share and asks to check the name.
>
> There are no firewall rules between Secure 1 and Secure 2. It's a
> straight VPN. While there are usually firewall rules between Secure
> 2 and Unsecure 2, I removed them to test this problem with no change.
>
> This used to work. At some point it stopped. I have not updated the
> domain controllers or the Samba server referenced above in some time
> now, so no update to those caused the problem. The Windows machine
> has updated automatically and is up-to-date (just reaching Windows 10
> EOL).
>
> Clearly the laptops are unique in some way: I suspect in being on
> Unsecure 2. Their netbios settings are the "default," which uses
> netbios over TCP unless told differently by DHCP, which it doesn't.
>
> I've exhausted my limited knowledge of this and would love any tips
> you all are willing to provide. Thanks in advance!
>
> Steve
You have told us a lot there, but then really nothing, what OS's are
the Linux machines running ? There are two domains, but what sort ?
There is mention of dns, so I suppose AD, but I cannot be sure. There
is mention of Samba 4.9.5, so this could be Debian buster which is
dead, 4.13.13 could be Debian bullseye which is in LTS support and only
gets security updates.
My first thoughts are, upgrade the Samba servers so if you do have a
bug, it can get fixed, you have no chance at the moment.
Rowland
More information about the samba
mailing list