Ingo Asche
2022-Dec-07 14:25 UTC
[Samba] File server joined to a samba domain accessed by windows 10-11 clients, works via ip no via dns name
Hi Rowland, yes, all checked... This error comes only in one combination: Windows to Synology DSM 7.1.1 via device name and share rights via group. Windows to Synology DSM 6.2.4 > works Windows to member server Samba 4.17.3 > works Linux to DSM 7.1.1 via autofs > works Linux to member server > works. Every other service I use with Samba (e.g. LDAP for authentication) works. And this happened first after updating Samba 4.16.6 to Samba 4.17.3 via Debian backports. So I would second you: The problem lies with Synology. Or do you have a hint what changed between Samba 4.16 and 4.17 what may caused this? Regards Ingo https://github.com/WAdama Rowland Penny via samba schrieb am 07.12.2022 um 15:09:> > > On 07/12/2022 13:42, Ingo Asche via samba wrote: >> By the way: Just checked accessing on of the shares via IP. It's the >> same like your case: The share opens. >> >> Never checked that... >> > > I take it that all the obvious culprits have been checked: > > DNS; Can you ping the synology device by name ? > ???? Can you ping from the Synology device > > Time: is the time correct ? > > This all sounds like a dns problem or a kerberos problem caused by dns. > > When you try to connect using the name, kerberos will be used, but it > falls back to NTLM if the ipaddress is used. You need dns for kerberos > to work. > > Rowland > > > >
Travis Wenks
2022-Dec-07 14:45 UTC
[Samba] File server joined to a samba domain accessed by windows 10-11 clients, works via ip no via dns name
Hi all I tested with Synology version 6.x in our lab and it works. I tested with 7.1 with and without the SMB patch and it does not work Ping is good with short name and fqdn We do use dhcp option 015 with the domain name eg for our lab net.rosecitysolutions.com Time is synced, kinit, and klist works from the Synology as well as the DC's I have run kinit test-file-share-user then klist and I get a valid ticket on all servers Is there a way to ask for members of a group via kerberos? I agree there was some change in DSM 7.x and Samba 4.17 that made it not work. Samba documentation on troubleshooting is kind of slim. Also I had to guess on the proper set up for krb5.conf and I cannot find any documentation on how to test if its working in a multi DC environment. Is that something that can be added to the wiki, or if I am bad at searching please point me at the correct file. Travis Wenks Rose City Solutions travis at rosecitysolutions.com 503-821-7000 On Wed, Dec 7, 2022 at 6:26 AM Ingo Asche via samba <samba at lists.samba.org> wrote:> Hi Rowland, > > yes, all checked... > > This error comes only in one combination: Windows to Synology DSM 7.1.1 > via device name and share rights via group. > > Windows to Synology DSM 6.2.4 > works > Windows to member server Samba 4.17.3 > works > Linux to DSM 7.1.1 via autofs > works > Linux to member server > works. > > Every other service I use with Samba (e.g. LDAP for authentication) works. > > And this happened first after updating Samba 4.16.6 to Samba 4.17.3 via > Debian backports. > > So I would second you: The problem lies with Synology. > > Or do you have a hint what changed between Samba 4.16 and 4.17 what may > caused this? > > Regards > Ingo > https://github.com/WAdama > > Rowland Penny via samba schrieb am 07.12.2022 um 15:09: > > > > > > On 07/12/2022 13:42, Ingo Asche via samba wrote: > >> By the way: Just checked accessing on of the shares via IP. It's the > >> same like your case: The share opens. > >> > >> Never checked that... > >> > > > > I take it that all the obvious culprits have been checked: > > > > DNS; Can you ping the synology device by name ? > > Can you ping from the Synology device > > > > Time: is the time correct ? > > > > This all sounds like a dns problem or a kerberos problem caused by dns. > > > > When you try to connect using the name, kerberos will be used, but it > > falls back to NTLM if the ipaddress is used. You need dns for kerberos > > to work. > > > > Rowland > > > > > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
spindles seven
2022-Dec-07 19:09 UTC
[Samba] File server joined to a samba domain accessed by windows 10-11 clients, works via ip no via dns name
On 07 December 2022 14:25 Ingo Asche wrote:> > And this happened first after updating Samba 4.16.6 to Samba 4.17.3 via Debian > backports. >Is your OS a 32-bit version? If so Michael updated Debian Backports with a fix for 32-bit systems using version 4.17.3. If you have version 2:4.17.3_dfsg-1 it has the bug you describe for 32-bit systems. Look to update to version 2:4.17.3+dfsg-2 or 2:4.17.3 at dfsg-3 to fix this. HTH Roy