Hi Rowland, Thanks for the suggestion. So far, since adding 'ntlm auth' to smb.conf on the DCs we are no longer having this problem. Only time will tell if it stays working but at least I'm no longer getting complaints from the users. regards, John On 21/11/16 10:00, Rowland Penny via samba wrote:> On Mon, 21 Nov 2016 09:31:28 +1100 > John Gardeniers via samba <samba at lists.samba.org> wrote: > >> Hi Rowland, >> >> I Upgraded from Samba 4.4.2 and we have tried the FQDN without >> success. >> >> regards, >> John >> >> >> On 21/11/16 08:02, Rowland Penny via samba wrote: >>> On Mon, 21 Nov 2016 07:42:30 +1100 >>> John Gardeniers via samba <samba at lists.samba.org> wrote: >>> >>>> Hi Louis, >>>> >>>> While it wasn't spelled out, it was firmly implied in my previous >>>> message that this problem appeared only after the Samba upgrade. >>>> Nothing else has changed that might impact RDP. There has been no >>>> change to machine names, IP addresses (we use DHCP reservations) or >>>> DNS entries. If a dash in the computer's name or DNS entry is >>>> behind this issue then it's clearly a rather serious bug in Samba. >>>> >>>> regards, >>>> John >>>> >>>> >>> It might help if you told us what version you upgraded from. >>> >>> I think there have been problems with windows machine now requiring >>> the FQDN instead of the short hostname, so this 'may' be your >>> problem, note I say 'may'. >>> >>> Rowland >>> >> > About the only change real change was 'ntlm auth', try setting this to > 'ntlm auth = yes' in smb.conf. I don't think it should affect your > problem, but as I said, it is the only real change. > > Rowland >
RDP is the protocol used by Terminal Server, at least that's how I understand it. You had to enable NTLM auth, without NTLM you have only Kerberos and Kerberos relies on SPN. I still can be wrong (easily) but it seems to me not a huge work to verify if you have these SPN on your Windows acting as RDP server. 2016-11-21 1:21 GMT+01:00 John Gardeniers via samba <samba at lists.samba.org>:> Hi Rowland, > > Thanks for the suggestion. So far, since adding 'ntlm auth' to smb.conf on > the DCs we are no longer having this problem. Only time will tell if it > stays working but at least I'm no longer getting complaints from the users. > > regards, > John > > > > On 21/11/16 10:00, Rowland Penny via samba wrote: > >> On Mon, 21 Nov 2016 09:31:28 +1100 >> John Gardeniers via samba <samba at lists.samba.org> wrote: >> >> Hi Rowland, >>> >>> I Upgraded from Samba 4.4.2 and we have tried the FQDN without >>> success. >>> >>> regards, >>> John >>> >>> >>> On 21/11/16 08:02, Rowland Penny via samba wrote: >>> >>>> On Mon, 21 Nov 2016 07:42:30 +1100 >>>> John Gardeniers via samba <samba at lists.samba.org> wrote: >>>> >>>> Hi Louis, >>>>> >>>>> While it wasn't spelled out, it was firmly implied in my previous >>>>> message that this problem appeared only after the Samba upgrade. >>>>> Nothing else has changed that might impact RDP. There has been no >>>>> change to machine names, IP addresses (we use DHCP reservations) or >>>>> DNS entries. If a dash in the computer's name or DNS entry is >>>>> behind this issue then it's clearly a rather serious bug in Samba. >>>>> >>>>> regards, >>>>> John >>>>> >>>>> >>>>> It might help if you told us what version you upgraded from. >>>> >>>> I think there have been problems with windows machine now requiring >>>> the FQDN instead of the short hostname, so this 'may' be your >>>> problem, note I say 'may'. >>>> >>>> Rowland >>>> >>>> >>> About the only change real change was 'ntlm auth', try setting this to >> 'ntlm auth = yes' in smb.conf. I don't think it should affect your >> problem, but as I said, it is the only real change. >> >> Rowland >> >> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 21/11/16 09:36, mathias dufresne via samba wrote:> RDP is the protocol used by Terminal Server, at least that's how I > understand it. > > You had to enable NTLM auth, without NTLM you have only Kerberos and > Kerberos relies on SPN. > > I still can be wrong (easily) but it seems to me not a huge work to verify > if you have these SPN on your Windows acting as RDP server. > > 2016-11-21 1:21 GMT+01:00 John Gardeniers via samba <samba at lists.samba.org>: > >I can confirm that my Windows 7 testing VMs have TERMSERV SPNs. On the other hand, the XP VMs do not, just the HOST ones. However I still seem to be able to connect to them via FQDN or short name. Cheers Alex -- This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately. This email is not intended to, nor should it be taken to, constitute advice. The information provided is correct to our knowledge & belief and must not be used as a substitute for obtaining tax, regulatory, investment, legal or any other appropriate advice. "Transact" is operated by Integrated Financial Arrangements Ltd. 29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300. (Registered office: as above; Registered in England and Wales under number: 3727592). Authorised and regulated by the Financial Conduct Authority (entered on the Financial Services Register; no. 190856).