[Samba] Laptops unable to access Windows SMB share
Stephen Brandli
steve at brandli.com
Thu Jan 23 20:12:54 UTC 2025
Thanks for the reply. I agree it's reasonable to expect me to update to see if that fixes the problem. I have started that very long process. I would not have bothered you all except, in the meantime, we have a real problem with the laptops. Also, since the fixed machines do not have the problem, I can see only two reasons for it: (1) The laptops are relying on broadcast, which isn't getting transmitted from Unsecure 2 (which has no domain controllers) to Secure 2, or there is something about moving the laptops around with the associated changes in IPs. I was hoping that someone knew what was happening.
To answer your questions: I did put in my admittedly long description that these are Samba domain controllers (4.13.13). They are on Bullseye. The Samba fileserver that works with the laptops is on Buster. The laptops are Windows 10 fully updated as is the Windows file server that isn't working with the laptops.
Again, thank you for your reply.
Steve
-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland Penny via samba
Sent: Thursday, January 23, 2025 1:46 AM
To: samba at lists.samba.org
Cc: Rowland Penny <rpenny at samba.org>
Subject: Re: [Samba] Laptops unable to access Windows SMB share
On Wed, 22 Jan 2025 22:04:31 +0000
Stephen Brandli via samba <samba at lists.samba.org> wrote:
> Long-time Samba user. Love it!
>
> I have a dozen or so computers accessing several file (SMB) shares.
> All but two are in fixed locations. Some of those have fixed IPs, the
> rest DHCP IPs but they don't move between subnets. The last two, both
> laptops, are the problem. They move back and forth between two
> subnets.
>
> Specifically:
>
> There are three relevant subnets. I'll call them Secure 1, Secure 2,
> and Unsecure 2. Secure 1 and Secure 2 are connected via a VPN, and
> Secure 2 and Unsecure 2 are connected via a firewall. The firewall
> does not NAT. The other clients are on Secure 1 and Secure 2. The
> laptops move between Secure 1 and Unsecure 2.
>
> To simplify things, there are two servers on Secure 1: one Samba
> (4.9.5-I know, old), and a Windows 10 up-to-date and acting as a
> server.
>
> There are two domains: D1 and D2 (all Samba 4.13.13). D1 is centered
> at Secure 1 and D2 at Secure 2. D1 and D2 have an external trust
> relationship. Domain controllers for both domains in both Secure 1
> and Secure 2. The two servers on Secure 1 are in D1. The laptops are
> in D2.
>
> All the computers except the laptops-including computers on Secure 1
> in D1, and Secure 2 in D2, access both the Samba and Windows servers
> fine (file shares). The two laptops access the Samba file share just
> fine whether they are in Secure 1 or Unsecure 2. The laptops can
> access another service (Sql Server) on the Windows server without
> problem no matter where they are (demonstrating connectivity).
>
> Two problems:
>
>
> 1. When at Unsecure 2, the laptops will not update their DNS
> records for D2. For purposes of working on problem #2 (next), I added
> A records manually to D2. 2. When at Unsecure 2, the laptops will not
> access the Windows server's file share. Remember they will access the
> Samba file server on the same subnet, Secure 1. The error says it
> can't find the share and asks to check the name.
>
> There are no firewall rules between Secure 1 and Secure 2. It's a
> straight VPN. While there are usually firewall rules between Secure
> 2 and Unsecure 2, I removed them to test this problem with no change.
>
> This used to work. At some point it stopped. I have not updated the
> domain controllers or the Samba server referenced above in some time
> now, so no update to those caused the problem. The Windows machine
> has updated automatically and is up-to-date (just reaching Windows 10
> EOL).
>
> Clearly the laptops are unique in some way: I suspect in being on
> Unsecure 2. Their netbios settings are the "default," which uses
> netbios over TCP unless told differently by DHCP, which it doesn't.
>
> I've exhausted my limited knowledge of this and would love any tips
> you all are willing to provide. Thanks in advance!
>
> Steve
You have told us a lot there, but then really nothing, what OS's are the Linux machines running ? There are two domains, but what sort ?
There is mention of dns, so I suppose AD, but I cannot be sure. There is mention of Samba 4.9.5, so this could be Debian buster which is dead, 4.13.13 could be Debian bullseye which is in LTS support and only gets security updates.
My first thoughts are, upgrade the Samba servers so if you do have a bug, it can get fixed, you have no chance at the moment.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list