Hi, Wondering if anyone can help with a weird issue I'm having - Just set up a new server (RHEL 7.4) and have migrated my samba configuration from my old server (Fedora 25), I'm experiencing an issue where by if my the name of my workgroup a domain i.e. it has a period in it, then none of my Linux clients can detect the broadcast and smbtree on both client and server is completely empty. I can manually connect via domain, hostname, ip etc... If I take this further and run smbtree -d4, then I can see that it's complaining about not being able to determine the master browser for WORKGROUP.COM <http://workgroup.com/>. In Windows however everything works fine, the server pops up almost instantaneously. The domain is propagated through dns and all clients can resolve the domain name no problem. If I change the samba workgroup to something that isn't a domain name, then everything works again and it's correctly displaying in smbtree on all clients and server. I don't get it - can someone advise? smb.conf: [global] server string = host01-name01 workgroup = workgroup.com netbios name = host01-name01 bind interfaces only = yes interfaces = lo enp4s0 enp0s31f6 hosts allow = 192.168.150. name resolve order = wins bcast security = user passdb backend = tdbsam encrypt passwords = true domain master = yes preferred master = yes local master = yes browseable = yes deadtime = 15 dns proxy = no getwd cache = yes load printers = no mangled names = no map archive = no map to guest = never min receivefile size = 16384 os level = 255 printable = no printcap name = /dev/null read raw = yes unix extensions = yes use sendfile = yes wins support = yes write raw = yes writeable = yes logging = file log file = /var/log/samba/log.%m max log size = 50 shadow: snapdir = .zfs/snapshot shadow: snapdirseverywhere = yes shadow: format = autosnap_%Y-%m-%d_%H:%M:%S_hourly shadow: localtime = yes Kind Regards, Dominic
Hi Dominic,> > Wondering if anyone can help with a weird issue I'm having - > > Just set up a new server (RHEL 7.4) and have migrated my samba > configuration from my old server (Fedora 25), I'm experiencing an issue > where by if my the name of my workgroup a domain i.e. it has a period in > it, then none of my Linux clients can detect the broadcast and smbtree on > both client and server is completely empty. I can manually connect via > domain, hostname, ip etc...from [1] : "[NetBIOS domain] names can contain a period (.). However, the name cannot start with a period. The use of non-DNS names with periods is allowed in Microsoft Windows NT. However, periods should not be used in Active Directory domains. If you are upgrading a domain whose NetBIOS name contains a period, change the name by migrating the domain to a new domain structure. *Do not use periods in new NetBIOS domain names*." So, if MS tells you specifically "Do not use", then I'd say it may be logic to not use it with Samba either... I've done quite a few NT4 to Samba AD migration which had dotted netbios domain name in the past, I know it does mostly work, but it is really not a good idea. It prevents standard migration path to AD, and you'll have some subtle bugs to deals with. Cheers, Denis [1] https://support.microsoft.com/en-us/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and> > If I take this further and run smbtree -d4, then I can see that it's > complaining about not being able to determine the master browser for > WORKGROUP.COM <http://workgroup.com/>. In Windows however everything works > fine, the server pops up almost instantaneously. > > The domain is propagated through dns and all clients can resolve the domain > name no problem. If I change the samba workgroup to something that isn't a > domain name, then everything works again and it's correctly displaying in > smbtree on all clients and server. > > I don't get it - can someone advise? > > smb.conf: > [global] > server string = host01-name01 > workgroup = workgroup.com > netbios name = host01-name01 > bind interfaces only = yes > interfaces = lo enp4s0 enp0s31f6 > hosts allow = 192.168.150. > name resolve order = wins bcast > security = user > passdb backend = tdbsam > encrypt passwords = true > domain master = yes > preferred master = yes > local master = yes > browseable = yes > deadtime = 15 > dns proxy = no > getwd cache = yes > load printers = no > mangled names = no > map archive = no > map to guest = never > min receivefile size = 16384 > os level = 255 > printable = no > printcap name = /dev/null > read raw = yes > unix extensions = yes > use sendfile = yes > wins support = yes > write raw = yes > writeable = yes > logging = file > log file = /var/log/samba/log.%m > max log size = 50 > shadow: snapdir = .zfs/snapshot > shadow: snapdirseverywhere = yes > shadow: format = autosnap_%Y-%m-%d_%H:%M:%S_hourly > shadow: localtime = yes > > Kind Regards, > Dominic >-- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, bâtiment A 12 avenue Jules Verne 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil-it-systems.fr
Thanks Denis, I wasn't aware that workgroup was actually called netbios domain names - this led me here https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ#NetBIOS_Domain_Naming which categorically says do not use punctuation in it. Kind Regards, Dominic On 31 August 2017 at 19:05, Denis Cardon <dcardon at tranquil.it> wrote:> Hi Dominic, > >> >> Wondering if anyone can help with a weird issue I'm having - >> >> Just set up a new server (RHEL 7.4) and have migrated my samba >> configuration from my old server (Fedora 25), I'm experiencing an issue >> where by if my the name of my workgroup a domain i.e. it has a period in >> it, then none of my Linux clients can detect the broadcast and smbtree on >> both client and server is completely empty. I can manually connect via >> domain, hostname, ip etc... >> > > from [1] : "[NetBIOS domain] names can contain a period (.). However, the > name cannot start with a period. The use of non-DNS names with periods is > allowed in Microsoft Windows NT. However, periods should not be used in > Active Directory domains. If you are upgrading a domain whose NetBIOS name > contains a period, change the name by migrating the domain to a new domain > structure. *Do not use periods in new NetBIOS domain names*." > > > So, if MS tells you specifically "Do not use", then I'd say it may be > logic to not use it with Samba either... I've done quite a few NT4 to Samba > AD migration which had dotted netbios domain name in the past, I know it > does mostly work, but it is really not a good idea. It prevents standard > migration path to AD, and you'll have some subtle bugs to deals with. > > Cheers, > > Denis > > > [1] https://support.microsoft.com/en-us/help/909264/naming-conve > ntions-in-active-directory-for-computers-domains-sites-and > > > >> If I take this further and run smbtree -d4, then I can see that it's >> complaining about not being able to determine the master browser for >> WORKGROUP.COM <http://workgroup.com/>. In Windows however everything >> works >> >> fine, the server pops up almost instantaneously. >> >> The domain is propagated through dns and all clients can resolve the >> domain >> name no problem. If I change the samba workgroup to something that isn't a >> domain name, then everything works again and it's correctly displaying in >> smbtree on all clients and server. >> >> I don't get it - can someone advise? >> >> smb.conf: >> [global] >> server string = host01-name01 >> workgroup = workgroup.com >> netbios name = host01-name01 >> bind interfaces only = yes >> interfaces = lo enp4s0 enp0s31f6 >> hosts allow = 192.168.150. >> name resolve order = wins bcast >> security = user >> passdb backend = tdbsam >> encrypt passwords = true >> domain master = yes >> preferred master = yes >> local master = yes >> browseable = yes >> deadtime = 15 >> dns proxy = no >> getwd cache = yes >> load printers = no >> mangled names = no >> map archive = no >> map to guest = never >> min receivefile size = 16384 >> os level = 255 >> printable = no >> printcap name = /dev/null >> read raw = yes >> unix extensions = yes >> use sendfile = yes >> wins support = yes >> write raw = yes >> writeable = yes >> logging = file >> log file = /var/log/samba/log.%m >> max log size = 50 >> shadow: snapdir = .zfs/snapshot >> shadow: snapdirseverywhere = yes >> shadow: format = autosnap_%Y-%m-%d_%H:%M:%S_hourly >> shadow: localtime = yes >> >> Kind Regards, >> Dominic >> >> > -- > Denis Cardon > Tranquil IT Systems > Les Espaces Jules Verne, bâtiment A > 12 avenue Jules Verne > 44230 Saint Sébastien sur Loire > tel : +33 (0) 2.40.97.57.55 > http://www.tranquil-it-systems.fr > >