Rowland Penny
2022-Aug-22 19:59 UTC
[Samba] authn timeouts enumerating (and connecting to) shares
On Mon, 2022-08-22 at 19:42 +0000, Aaron Johnson via samba wrote:> Thanks for the swift response, Rowland! I?ve added > 'myserver.mydomain.myorg.com? to /etc/hosts; restarted smbd, nmbd, > and winbind; tried smblclient -L ? again; and don?t see any > difference in the results.What are you connecting to ? A Samba AD DC or a Windows DC ? What dns domain is the DC in ? is it 'mydomain.myorg.com' or 'myorg.com' ? Your Unix domain member must be in the same dns domain, you should not need to add anything to /etc/hosts, it should use dns to find 'myserver'. This is what I get: pi at rpidc1:~ $ time smbclient -d 2 -U SAMDOM\\rowland -L devstation.samdom.example.com rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 added interface eth0 ip=192.168.0.10 bcast=192.168.0.255 netmask=255.255.255.0 tdb(/run/samba/gencache.tdb): tdb_open_ex: could not open file /run/samba/gencache.tdb: Permission denied Password for [SAMDOM\rowland]: Sharename Type Comment --------- ---- ------- data Disk dfs Disk public Disk acltest1 Disk acltest2 Disk acltest3 Disk acltest4 Disk IPC$ IPC IPC Service (Samba Client devstation) rowland Disk Home Directories SMB1 disabled -- no workgroup available real 0m6.758s user 0m0.102s sys 0m0.041s If I embed the password, I get this: real 0m0.300s user 0m0.092s sys 0m0.046s> I?m happy to share the sanitized logs if that would make a > difference. (Would have done at the outset, but didn?t see people > sending more than brief excerpts as I browsed the archives.)We will cross that bridge when we come to it and if required, it will probably need to be posted somewhere, this list strips attachments. Rowland
Aaron Johnson
2022-Aug-22 21:04 UTC
[Samba] authn timeouts enumerating (and connecting to) shares
Sorry about the MS style quoting here. I can?t toggle it to a sane format. Anyway? MYDOM.MYORG.COM is a Windows AD domain, with only Windows DCs. The DCs appear to be Windows Server 2016, but I don?t know what the AD functional level is. (Is there an LDAP query I can use to find out? That would be easier than chasing down a member of the Windows team to find out.) The DC I?m connecting to is in mydomain.myorg.com. As is myserver.mydomain.myorg.com. However?. The DNS here is weird. I can ask questions about DC1.mydomain.myorg.com and get NXDOMAINs in return. Same for myserver.mydomain.myorg.com. My guess is that Samba is finding the DC by getting DNS A records for mydomain.myorg.com. It seems to be working without ?password server? set in the smb.conf. From: samba <samba-bounces at lists.samba.org> on behalf of Rowland Penny via samba <samba at lists.samba.org> Date: Monday, August 22, 2022 at 2:00 PM To: samba at lists.samba.org <samba at lists.samba.org> Cc: Rowland Penny <rpenny at samba.org> Subject: Re: [Samba] authn timeouts enumerating (and connecting to) shares Caution: This email is from an external sender. Please do not click links or open attachments unless you recognize the sender and know the content is safe. Forward suspicious emails to isitbad at . On Mon, 2022-08-22 at 19:42 +0000, Aaron Johnson via samba wrote:> Thanks for the swift response, Rowland! I?ve added > 'myserver.mydomain.myorg.com? to /etc/hosts; restarted smbd, nmbd, > and winbind; tried smblclient -L ? again; and don?t see any > difference in the results.What are you connecting to ? A Samba AD DC or a Windows DC ? What dns domain is the DC in ? is it 'mydomain.myorg.com' or 'myorg.com' ? Your Unix domain member must be in the same dns domain, you should not need to add anything to /etc/hosts, it should use dns to find 'myserver'.