Zendal Darkman
2019-Mar-25 11:23 UTC
[Samba] Windows clients keep losing connections (FQDN and hostname)
Connecting to \\server.domain.xx.uk\share and \\server\share, works but we tend to lose "\\server\share" within a few days, *but starts working again*. \\FQDN\share eventually stops, with windows reporting "network path not found". If I do a "net use" I can see several connections to \\fqdn\share, and running "net use * /delete", brings back the the ability to connect to \\fqdn\share. windows machines experience this at different stages. So one machine may lose connection,but another keeps working. I should add that if I use \\<IP>\share, it work's but I don't know yet if that will keeps dropping. HOWEVER, the most important thing is there are some odd firewall rules between workstations /samba servers, and the rest of organisations servers including servers such as DNS, domain controllers. The rules allow a vanilla samba "net join" (although we cant do a DNS update: DNS is hardcoded on the DNS servers and correct) . All works but for the occasional drop of connections. I'm thinking "wins".Like many others before me wonder why ping <fqdn> give the correct IP, but \\fqdn\ does not work when \\<ip> does. I'm not familiar with wins. I was thinking wins is not used for fqdn. My smb is below anything marked with ### is a comment I have put into this email (not present in actual smb.conf) [global] security = ADS workgroup = domain ###Is this needed? realm = domain.xx.uk log file = /var/log/samba/%m.log log level = 4 min protocol = smb2 ####possible cause of issue? smb encrypt = mandatory local master = no domain master = no preferred master = no wins support = no wins proxy = no dns proxy = no dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab idmap config * : backend = tdb idmap config * : range = 3000-7999 idmap config xx : backend = rid idmap config xx : range = 10000-5999999 winbind refresh tickets = yes template shell = /bin/false template homedir = /home/%U #username map = /etc/samba/user.map vfs objects = full_audit acl_xattr full_audit:prefix = %u|%I|%m|%S full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read write rename unlink full_audit:failure = connect full_audit:facility = local5 full_audit:priority = NOTICE map acl inherit = yes store dos attributes = yes [Audit] path = /audit read only = no [Desktops] path = /export/desktops read only = no [Shortcuts] path = /export/shortcuts/ read only = no
Rowland Penny
2019-Mar-25 11:56 UTC
[Samba] Windows clients keep losing connections (FQDN and hostname)
On Mon, 25 Mar 2019 11:23:10 +0000 Zendal Darkman via samba <samba at lists.samba.org> wrote:> Connecting to \\server.domain.xx.uk\share > and \\server\share, works but we tend to lose "\\server\share" within > a few days, *but starts working again*. > \\FQDN\share eventually stops, with windows reporting "network path > not found". If I do a "net use" I can see several connections to > \\fqdn\share, and running "net use * /delete", brings back the the > ability to connect to \\fqdn\share. > > windows machines experience this at different stages. So one machine > may lose connection,but another keeps working. > > I should add that if I use \\<IP>\share, it work's but I don't know > yet if that will keeps dropping. > > HOWEVER, the most important thing is there are some odd firewall rules > between workstations /samba servers, and the rest of organisations > servers including servers such as DNS, domain controllers. The rules > allow a vanilla samba "net join" (although we cant do a DNS update: > DNS is hardcoded on the DNS servers and correct) .Where are the DNS servers and what are they ?>All works but for > the occasional drop of connections. > > I'm thinking "wins".Sounds more like a DNS problem.>Like many others before me wonder why ping <fqdn> > give the correct IP, but \\fqdn\ does not work when \\<ip> does. I'm > not familiar with wins. I was thinking wins is not used for fqdn.'wins' uses NetBIOS, so it maps the IP to the Netbios name.> > My smb is below anything marked with ### is a comment I have put into > this email (not present in actual smb.conf) > > [global] > security = ADS > workgroup = domain ###Is this needed?Yes it is, provided 'domain' is the NetBIOS domain name.> realm = domain.xx.uk > > log file = /var/log/samba/%m.log > log level = 4 > > min protocol = smb2 ####possible cause of issue? > smb encrypt = mandatory > > local master = no > domain master = no > preferred master = no > wins support = no > wins proxy = no > dns proxy = no > > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab > > idmap config * : backend = tdb > idmap config * : range = 3000-7999 > idmap config xx : backend = rid > idmap config xx : range = 10000-5999999Here you are using 'xx' for the NetBIOS (or workgroup) name, but further up it is used as the middle part of the DNS domain 'domain.xx.uk', now this is okay, but only if this is the actual AD Netbios domain name. Rowland
Seemingly Similar Threads
- Just stop it with the "Domain Admins" nonsense
- fqdn hostname fails after reboot
- Samba + BIND9 DLZ. DNS dosen't resolve FQDN, only short hostname
- Samba + BIND9 DLZ. DNS dosen't resolve FQDN, only short hostname
- Samba + BIND9 DLZ. DNS dosen't resolve FQDN, only short hostname