Aaron Johnson
2022-Aug-22 21:04 UTC
[Samba] authn timeouts enumerating (and connecting to) shares
Sorry about the MS style quoting here. I can?t toggle it to a sane format. Anyway? MYDOM.MYORG.COM is a Windows AD domain, with only Windows DCs. The DCs appear to be Windows Server 2016, but I don?t know what the AD functional level is. (Is there an LDAP query I can use to find out? That would be easier than chasing down a member of the Windows team to find out.) The DC I?m connecting to is in mydomain.myorg.com. As is myserver.mydomain.myorg.com. However?. The DNS here is weird. I can ask questions about DC1.mydomain.myorg.com and get NXDOMAINs in return. Same for myserver.mydomain.myorg.com. My guess is that Samba is finding the DC by getting DNS A records for mydomain.myorg.com. It seems to be working without ?password server? set in the smb.conf. From: samba <samba-bounces at lists.samba.org> on behalf of Rowland Penny via samba <samba at lists.samba.org> Date: Monday, August 22, 2022 at 2:00 PM To: samba at lists.samba.org <samba at lists.samba.org> Cc: Rowland Penny <rpenny at samba.org> Subject: Re: [Samba] authn timeouts enumerating (and connecting to) shares Caution: This email is from an external sender. Please do not click links or open attachments unless you recognize the sender and know the content is safe. Forward suspicious emails to isitbad at . On Mon, 2022-08-22 at 19:42 +0000, Aaron Johnson via samba wrote:> Thanks for the swift response, Rowland! I?ve added > 'myserver.mydomain.myorg.com? to /etc/hosts; restarted smbd, nmbd, > and winbind; tried smblclient -L ? again; and don?t see any > difference in the results.What are you connecting to ? A Samba AD DC or a Windows DC ? What dns domain is the DC in ? is it 'mydomain.myorg.com' or 'myorg.com' ? Your Unix domain member must be in the same dns domain, you should not need to add anything to /etc/hosts, it should use dns to find 'myserver'.
Rowland Penny
2022-Aug-23 06:39 UTC
[Samba] authn timeouts enumerating (and connecting to) shares
On Mon, 2022-08-22 at 21:04 +0000, Aaron Johnson via samba wrote:> Sorry about the MS style quoting here. I can?t toggle it to a sane > format. Anyway? > > MYDOM.MYORG.COM is a Windows AD domain, with only Windows DCs. The > DCs appear to be Windows Server 2016, but I don?t know what the AD > functional level is. (Is there an LDAP query I can use to find > out? That would be easier than chasing down a member of the Windows > team to find out.) > > The DC I?m connecting to is in mydomain.myorg.com. As is > myserver.mydomain.myorg.com. However?. The DNS here is weird. I can > ask questions about DC1.mydomain.myorg.com and get NXDOMAINs in > return. Same for myserver.mydomain.myorg.com. My guess is that > Samba is finding the DC by getting DNS A records for > mydomain.myorg.com. It seems to be working without ?password server? > set in the smb.conf.I think you need to chase down a member of the Windows team and find out why the dns is weird (the functional level isn't a problem on a Unix domain member). Active Directory relies heavily on dns, so anything that connects to AD should be using the same dns domain. You shouldn't need to set 'password server', Samba should find the best DC to use, but this relies on dns. Rowland