Rowland Penny
2022-Dec-06 21:24 UTC
[Samba] File server joined to a samba domain accessed by windows 10-11 clients, works via ip no via dns name
On 06/12/2022 20:58, Travis Wenks via samba wrote:
> Hi all,
> First, thank you for such an amazing project!
>
> Second an apology for an extremely long post, I tried to add all the info I
> could think of so this is a quick fix!
>
> I support multiple client sites that we built samba dc's from source.
>
> I wrote a quick script to update our client dc's. As it has no sanity
> checks or safety's to not destroy data I will not post a functional copy of
> it here. If anyone would like it I would be glad to email it to anyone who
> wants it.
>
> Here is the issue, we started updating 5 sites and once those were done we
> started getting reports of network drives failing.
>
> If a user is in a group and that group defines the permissions to access a
> share they cannot access it. If the ip address is used it works fine.
>
> So if a user is a member of a group this is the behavior,
>
> \\file-server.domain\share
> Fails
> \\file-server\share
> Fails also, but
> \\ip-of-file-server\share
> works fine
>

Sounds like kerberos is failing, but NTLM is working. Try getting the windows machine to leave the domain and rejoin, this will rewrite the machine's kerberos ticket.

Have you considered using Debian? Bullseye now comes with Samba 4.17.3 from backports, this will save you having to build it yourself.

Rowland
Luke Barone
2022-Dec-06 21:32 UTC
[Samba] File server joined to a samba domain accessed by windows 10-11 clients, works via ip no via dns name
This sounds a lot like my problem. No issue with the IP address, but all the drive maps and file shares use the FQDN, and those have been failing unless I add another UID to shares with `setfacl`.

The other thing I did was create a new group, copy all the members over, then assign that group the same permissions on the file server as the previous group. I have yet to delete the original group, but I'll be attempting that over the winter break coming up.
Travis Wenks
2022-Dec-06 22:09 UTC
[Samba] File server joined to a samba domain accessed by windows 10-11 clients, works via ip no via dns name
Interesting...

I left the domain and did not delete the user account and I got this

The domain name "NET" might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

An error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "NET".

The error was: "No records found for given DNS query."
(error code 0x0000251D DNS_INFO_NO_RECORDS)

The query was for the SRV record for _ldap._tcp.dc._msdcs.NET

I went into dns and this record _ldap._tcp.dc._msdcs.NET.domain-name.com does exist

Additionally I checked the dns records on the workstation are pointed at the dc's and internet is working.

I am going to try and join another workstation in our lab.

Travis Wenks
Rose City Solutions
travis at rosecitysolutions.com
503-821-7000
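
An added example, not part of any message in this thread: a PowerShell check, run on an affected Windows client, of the two things the replies point at, namely the DC locator SRV record named in the join error and whether a Kerberos service ticket for the file server can be obtained. The function name `Test-SmbKerberosPath` is hypothetical, and the host and domain names are the placeholders used in the thread.

```powershell
# Added diagnostic sketch; not from the thread. Run as the affected domain user.
function Test-SmbKerberosPath {
    param(
        # Name used in the failing UNC path (placeholder from the thread).
        [Parameter(Mandatory)] [string] $FileServer,
        # Full AD DNS domain, not the short NetBIOS-style name.
        [Parameter(Mandatory)] [string] $AdDnsDomain
    )

    # 1. DC locator record: the same SRV name pattern quoted in the join error.
    $srvName = "_ldap._tcp.dc._msdcs.$AdDnsDomain"
    $srv = @(Resolve-DnsName -Name $srvName -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'SRV' })

    # 2. The file server name itself must resolve through the DCs' DNS.
    $addr = @(Resolve-DnsName -Name $FileServer -DnsOnly -ErrorAction SilentlyContinue |
              Where-Object { $_.Type -in 'A', 'AAAA' })

    # 3. Ask the KDC for a CIFS service ticket, then look for it in the
    #    ticket cache instead of parsing klist's localized status text.
    $klistOutput = & klist.exe get "cifs/$FileServer" 2>&1
    $haveTicket  = [bool](& klist.exe | Select-String -SimpleMatch "cifs/$FileServer")

    [pscustomobject]@{
        SrvQuery          = $srvName
        DomainControllers = $srv.NameTarget      # empty if the SRV lookup failed
        ServerAddresses   = $addr.IPAddress      # empty if the name did not resolve
        CifsTicketCached  = $haveTicket          # False points at Kerberos, not the share ACL
        KlistOutput       = ($klistOutput | Out-String).Trim()
    }
}

# Placeholder names as they appear in the thread.
Test-SmbKerberosPath -FileServer 'file-server.domain' -AdDnsDomain 'NET.domain-name.com'
```

By default a Windows client has no service principal name to request a ticket for when the share is addressed by IP, so that path uses NTLM and can keep working while the name-based paths fail.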