On 01/03/2021 15:35, K. R. Foley wrote:>
> On 3/1/21 9:19 AM, Rowland penny via samba wrote:
>> On 01/03/2021 15:04, K. R. Foley wrote:
>>>
>>> The firewall is disabled on the client PC. The client and the
server
>>> are on 2 separate subnets separated by a VPN. I am not aware of any
>>> filtering going on between the two, but I can't say for sure
without
>>> checking. Is there a list of ports somewhere that I can check to
>>> make sure that they are all being routed over the VPN? I have
>>> already checked everything that I can see in netstat on the server.
>>
>>
>> For port usage, see these wiki pages:
>>
>> https://wiki.samba.org/index.php/Samba_NT4_PDC_Port_Usage
>>
>> https://wiki.samba.org/index.php/Samba_Domain_Member_Port_Usage
>>
>> https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
>>
>>>
>>> Keep in mind that the client can join the domain fine if I enable
>>> SMB1 on the client. I don't want to use SMB1. That is why I am
>>> trying to figure this out. The client seems to think that the
server
>>> is asking for SMB1.
>>
>>
>> This is what I am struggling with, by default SMBv1 is turned off
>> from Samba 4.11.0 , if you want to use SMBv1 then you have to
>> explicitly set it in smb.conf. You haven't set it, so your DC
>> shouldn't be using it, perhaps it is the client that is using it ?
>>
>> Rowland
>>
> I have disabled SMB1 using "Disable-WindowsOptionalFeature -Online
> -FeatureName SMB1Protocol". If I enable it, it works.
>
> kr
>
When you join to a domain, the client searches for a DC, I am now
wondering if something else (that is SMBv1 aware) is replying and
causing the error message, perhaps the old PDC ?
Rowland