Hi Rowland, I Upgraded from Samba 4.4.2 and we have tried the FQDN without success. regards, John On 21/11/16 08:02, Rowland Penny via samba wrote:> On Mon, 21 Nov 2016 07:42:30 +1100 > John Gardeniers via samba <samba at lists.samba.org> wrote: > >> Hi Louis, >> >> While it wasn't spelled out, it was firmly implied in my previous >> message that this problem appeared only after the Samba upgrade. >> Nothing else has changed that might impact RDP. There has been no >> change to machine names, IP addresses (we use DHCP reservations) or >> DNS entries. If a dash in the computer's name or DNS entry is behind >> this issue then it's clearly a rather serious bug in Samba. >> >> regards, >> John >> >> > It might help if you told us what version you upgraded from. > > I think there have been problems with windows machine now requiring the > FQDN instead of the short hostname, so this 'may' be your problem, note > I say 'may'. > > Rowland >
On Mon, 21 Nov 2016 09:31:28 +1100 John Gardeniers via samba <samba at lists.samba.org> wrote:> Hi Rowland, > > I Upgraded from Samba 4.4.2 and we have tried the FQDN without > success. > > regards, > John > > > On 21/11/16 08:02, Rowland Penny via samba wrote: > > On Mon, 21 Nov 2016 07:42:30 +1100 > > John Gardeniers via samba <samba at lists.samba.org> wrote: > > > >> Hi Louis, > >> > >> While it wasn't spelled out, it was firmly implied in my previous > >> message that this problem appeared only after the Samba upgrade. > >> Nothing else has changed that might impact RDP. There has been no > >> change to machine names, IP addresses (we use DHCP reservations) or > >> DNS entries. If a dash in the computer's name or DNS entry is > >> behind this issue then it's clearly a rather serious bug in Samba. > >> > >> regards, > >> John > >> > >> > > It might help if you told us what version you upgraded from. > > > > I think there have been problems with windows machine now requiring > > the FQDN instead of the short hostname, so this 'may' be your > > problem, note I say 'may'. > > > > Rowland > > > >About the only change real change was 'ntlm auth', try setting this to 'ntlm auth = yes' in smb.conf. I don't think it should affect your problem, but as I said, it is the only real change. Rowland
Hi Rowland, Thanks for the suggestion. So far, since adding 'ntlm auth' to smb.conf on the DCs we are no longer having this problem. Only time will tell if it stays working but at least I'm no longer getting complaints from the users. regards, John On 21/11/16 10:00, Rowland Penny via samba wrote:> On Mon, 21 Nov 2016 09:31:28 +1100 > John Gardeniers via samba <samba at lists.samba.org> wrote: > >> Hi Rowland, >> >> I Upgraded from Samba 4.4.2 and we have tried the FQDN without >> success. >> >> regards, >> John >> >> >> On 21/11/16 08:02, Rowland Penny via samba wrote: >>> On Mon, 21 Nov 2016 07:42:30 +1100 >>> John Gardeniers via samba <samba at lists.samba.org> wrote: >>> >>>> Hi Louis, >>>> >>>> While it wasn't spelled out, it was firmly implied in my previous >>>> message that this problem appeared only after the Samba upgrade. >>>> Nothing else has changed that might impact RDP. There has been no >>>> change to machine names, IP addresses (we use DHCP reservations) or >>>> DNS entries. If a dash in the computer's name or DNS entry is >>>> behind this issue then it's clearly a rather serious bug in Samba. >>>> >>>> regards, >>>> John >>>> >>>> >>> It might help if you told us what version you upgraded from. >>> >>> I think there have been problems with windows machine now requiring >>> the FQDN instead of the short hostname, so this 'may' be your >>> problem, note I say 'may'. >>> >>> Rowland >>> >> > About the only change real change was 'ntlm auth', try setting this to > 'ntlm auth = yes' in smb.conf. I don't think it should affect your > problem, but as I said, it is the only real change. > > Rowland >
Hai John, I saw that this was resolved. Just interested, are you using SSL/TLS with samba on you servers, and do you have you publish the AD DC/CA Root to your computers? Did you look here in GPO : Computer Configuration -> Administrative Templates -> System -> Credentials Delegation. Before lowering samba security settings. Some good info here to read into. https://blogs.technet.microsoft.com/enterprisemobility/2008/07/21/configuring-terminal-servers-for-server-authentication-to-prevent-man-in-the-middle-attacks/ and some extra good info. Single Sign-On for Terminal Services http://technet.microsoft.com/en-us/library/cc772108(v=WS.10).aspx and here SSO in RDP. https://technet.microsoft.com/en-us/library/cc742808.aspx Greetz, Louis> -----Oorspronkelijk bericht-----> Van: samba [mailto:samba-bounces at lists.samba.org] Namens John Gardeniers> via samba> Verzonden: maandag 21 november 2016 1:22> Aan: samba at lists.samba.org> Onderwerp: Re: [Samba] [Solved?] Problem since upgrade to 4.5.1>> Hi Rowland,>> Thanks for the suggestion. So far, since adding 'ntlm auth' to smb.conf> on the DCs we are no longer having this problem. Only time will tell if> it stays working but at least I'm no longer getting complaints from the> users.>> regards,> John>>> On 21/11/16 10:00, Rowland Penny via samba wrote:> > On Mon, 21 Nov 2016 09:31:28 +1100> > John Gardeniers via samba <samba at lists.samba.org> wrote:> >> >> Hi Rowland,> >>> >> I Upgraded from Samba 4.4.2 and we have tried the FQDN without> >> success.> >>> >> regards,> >> John> >>> >>> >> On 21/11/16 08:02, Rowland Penny via samba wrote:> >>> On Mon, 21 Nov 2016 07:42:30 +1100> >>> John Gardeniers via samba <samba at lists.samba.org> wrote:> >>>> >>>> Hi Louis,> >>>>> >>>> While it wasn't spelled out, it was firmly implied in my previous> >>>> message that this problem appeared only after the Samba upgrade.> >>>> Nothing else has changed that might impact RDP. There has been no> >>>> change to machine names, IP addresses (we use DHCP reservations) or> >>>> DNS entries. If a dash in the computer's name or DNS entry is> >>>> behind this issue then it's clearly a rather serious bug in Samba.> >>>>> >>>> regards,> >>>> John> >>>>> >>>>> >>> It might help if you told us what version you upgraded from.> >>>> >>> I think there have been problems with windows machine now requiring> >>> the FQDN instead of the short hostname, so this 'may' be your> >>> problem, note I say 'may'.> >>>> >>> Rowland> >>>> >>> > About the only change real change was 'ntlm auth', try setting this to> > 'ntlm auth = yes' in smb.conf. I don't think it should affect your> > problem, but as I said, it is the only real change.> >> > Rowland> >>>> --> To unsubscribe from this list go to the following URL and read the> instructions: https://lists.samba.org/mailman/options/samba