Travis Wenks
2022-Dec-06 22:09 UTC
[Samba] File server joined to a samba domain accessed by windows 10-11 clients, works via ip no via dns name
Interesting... I left the domain and did not delete the user account and I go this The domain name "NET" might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS. If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration. An error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "NET". The error was: "No records found for given DNS query." (error code 0x0000251D DNS_INFO_NO_RECORDS) The query was for the SRV record for _ldap._tcp.dc._msdcs.NET I went into dns and this record _ldap._tcp.dc._msdcs.NET.domain-name.com does exist Additionally I checked the dns records on the workstation are pointed at the dc's and internet is working. I am going try and join another workstation in our lab. Travis Wenks Rose City Solutions travis at rosecitysolutions.com 503-821-7000 On Tue, Dec 6, 2022 at 1:25 PM Rowland Penny via samba < samba at lists.samba.org> wrote:> > > On 06/12/2022 20:58, Travis Wenks via samba wrote: > > Hi all, > > First, thank you for such an amazing project! > > > > Second an apology for an extremely long post, I tried to add all the > info I > > could think of so this is a quick fix! > > > > I support multiple client sites that we built samba dc?s from source. > > > > I wrote a quick script to update our client dc?s. As it has no sanity > > checks or safety?s to not destroy data I will not post a functional copy > of > > it here. If anyone would like it I would be glad to email it to anyone > who > > wants it. > > > > Here is the issue, we started updating 5 sites and once those were done > we > > started getting reports of network drives failing. > > > > If a user is in a group and that group defines the permissions to access > a > > share they cannot access it. If the ip address is used it works fine. > > > > So if a user is a member of a group this is the behavior, > > > > \\file-server.domain\share > > Fails > > \\file-server\share > > Fails also, but > > \\ip-of-file-server\share > > works fine > > > > Sounds like kerberos is failing, but NTLM is working. Try getting the > windows machine to leave the domain and rejoin, this will rewrite the > machines kerberos ticket. > > Have you considered using Debian ? Bullseye now comes with Samba 4.17.3 > from backports, this will save you having to build it yourself. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Travis Wenks
2022-Dec-06 22:25 UTC
[Samba] File server joined to a samba domain accessed by windows 10-11 clients, works via ip no via dns name
OK I am scratching my head here.. I mistakenly said user account, I intended to say the computer account. The workstation would not join and reuse the computer account. After deleting this in AD I was able to join with no problems. Are we saying the kerberos ticket is bad and needs to be re-created? Would this be to the upgrade from 4.16 to 4.17? Also is the solution to remove the computer account and rejoin the pc's? Travis Wenks Rose City Solutions travis at rosecitysolutions.com 503-821-7000 On Tue, Dec 6, 2022 at 2:09 PM Travis Wenks <travis at rosecitysolutions.com> wrote:> Interesting... > > I left the domain and did not delete the user account and I go this > > > The domain name "NET" might be a NetBIOS domain name. If this is the > case, verify that the domain name is properly registered with WINS. > > If you are certain that the name is not a NetBIOS domain name, then the > following information can help you troubleshoot your DNS configuration. > > An error occurred when DNS was queried for the service location (SRV) > resource record used to locate an Active Directory Domain Controller (AD > DC) for domain "NET". > > The error was: "No records found for given DNS query." > (error code 0x0000251D DNS_INFO_NO_RECORDS) > > The query was for the SRV record for _ldap._tcp.dc._msdcs.NET > > I went into dns and this record _ldap._tcp.dc._msdcs.NET.domain-name.com > does exist > Additionally I checked the dns records on the workstation are pointed at > the dc's and internet is working. > > I am going try and join another workstation in our lab. > > Travis Wenks > Rose City Solutions > travis at rosecitysolutions.com > 503-821-7000 > > > On Tue, Dec 6, 2022 at 1:25 PM Rowland Penny via samba < > samba at lists.samba.org> wrote: > >> >> >> On 06/12/2022 20:58, Travis Wenks via samba wrote: >> > Hi all, >> > First, thank you for such an amazing project! >> > >> > Second an apology for an extremely long post, I tried to add all the >> info I >> > could think of so this is a quick fix! >> > >> > I support multiple client sites that we built samba dc?s from source. >> > >> > I wrote a quick script to update our client dc?s. As it has no sanity >> > checks or safety?s to not destroy data I will not post a functional >> copy of >> > it here. If anyone would like it I would be glad to email it to anyone >> who >> > wants it. >> > >> > Here is the issue, we started updating 5 sites and once those were done >> we >> > started getting reports of network drives failing. >> > >> > If a user is in a group and that group defines the permissions to >> access a >> > share they cannot access it. If the ip address is used it works fine. >> > >> > So if a user is a member of a group this is the behavior, >> > >> > \\file-server.domain\share >> > Fails >> > \\file-server\share >> > Fails also, but >> > \\ip-of-file-server\share >> > works fine >> > >> >> Sounds like kerberos is failing, but NTLM is working. Try getting the >> windows machine to leave the domain and rejoin, this will rewrite the >> machines kerberos ticket. >> >> Have you considered using Debian ? Bullseye now comes with Samba 4.17.3 >> from backports, this will save you having to build it yourself. >> >> Rowland >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >