Rowland Penny
2022-Dec-07 14:09 UTC
[Samba] File server joined to a samba domain accessed by windows 10-11 clients, works via ip no via dns name
On 07/12/2022 13:42, Ingo Asche via samba wrote:> By the way: Just checked accessing on of the shares via IP. It's the > same like your case: The share opens. > > Never checked that... >I take it that all the obvious culprits have been checked: DNS; Can you ping the synology device by name ? Can you ping from the Synology device Time: is the time correct ? This all sounds like a dns problem or a kerberos problem caused by dns. When you try to connect using the name, kerberos will be used, but it falls back to NTLM if the ipaddress is used. You need dns for kerberos to work. Rowland
Ingo Asche
2022-Dec-07 14:25 UTC
[Samba] File server joined to a samba domain accessed by windows 10-11 clients, works via ip no via dns name
Hi Rowland, yes, all checked... This error comes only in one combination: Windows to Synology DSM 7.1.1 via device name and share rights via group. Windows to Synology DSM 6.2.4 > works Windows to member server Samba 4.17.3 > works Linux to DSM 7.1.1 via autofs > works Linux to member server > works. Every other service I use with Samba (e.g. LDAP for authentication) works. And this happened first after updating Samba 4.16.6 to Samba 4.17.3 via Debian backports. So I would second you: The problem lies with Synology. Or do you have a hint what changed between Samba 4.16 and 4.17 what may caused this? Regards Ingo https://github.com/WAdama Rowland Penny via samba schrieb am 07.12.2022 um 15:09:> > > On 07/12/2022 13:42, Ingo Asche via samba wrote: >> By the way: Just checked accessing on of the shares via IP. It's the >> same like your case: The share opens. >> >> Never checked that... >> > > I take it that all the obvious culprits have been checked: > > DNS; Can you ping the synology device by name ? > ???? Can you ping from the Synology device > > Time: is the time correct ? > > This all sounds like a dns problem or a kerberos problem caused by dns. > > When you try to connect using the name, kerberos will be used, but it > falls back to NTLM if the ipaddress is used. You need dns for kerberos > to work. > > Rowland > > > >