samba - Mar 2021 - Windows 10 cannot connect without SMB1

On 28/02/2021 21:23, K. R. Foley wrote:
>
> On 2/28/21 2:52 PM, Rowland penny via samba wrote:
>> On 28/02/2021 20:30, K. R. Foley wrote:
>>>
>>> Contents of /etc/named.conf
>>>
>>> # Global Configuration Options
>>> options {
>>>
>>> ??? # Forward queries that can not be answered from own zones
>>> ??? # to these DNS servers:
>>> #??? forwarders {
>>> #??????? 8.8.8.8;
>>> #??????? 8.8.4.4;
>>> #??? };
>>>
>>
>> Are your clients using something else for their nameserver and if so, 
>> what ?
> No. Currently only this server so I can control everything.
>>
>> If there is another nameserver is this forwarding the AD dns domain 
>> to the DC ?
>>
>> If none of the above applies and you want your clients to have 
>> internet access, uncomment the 'forwarders' lines.
>
> The client already has access to the internet. The name server on this 
> server acts as a caching name server and resolves names itself. That 
> is why I have the forwarders disabled.

Your DC must be authoritative for the AD dns domain and whilst your 
clients can use another dns server as a caching name server, the caching 
name server must forward anything? for your AD dns domain to a DC.

Rowland

On 3/1/21 2:26 AM, Rowland penny via samba wrote:
> On 28/02/2021 21:23, K. R. Foley wrote:
>>
>> On 2/28/21 2:52 PM, Rowland penny via samba wrote:
>>> On 28/02/2021 20:30, K. R. Foley wrote:
>>>>
>>>> Contents of /etc/named.conf
>>>>
>>>> # Global Configuration Options
>>>> options {
>>>>
>>>> ??? # Forward queries that can not be answered from own zones
>>>> ??? # to these DNS servers:
>>>> #??? forwarders {
>>>> #??????? 8.8.8.8;
>>>> #??????? 8.8.4.4;
>>>> #??? };
>>>>
>>>
>>> Are your clients using something else for their nameserver and if 
>>> so, what ?
>> No. Currently only this server so I can control everything.
>>>
>>> If there is another nameserver is this forwarding the AD dns domain
>>> to the DC ?
>>>
>>> If none of the above applies and you want your clients to have 
>>> internet access, uncomment the 'forwarders' lines.
>>
>> The client already has access to the internet. The name server on 
>> this server acts as a caching name server and resolves names itself. 
>> That is why I have the forwarders disabled.
>
>
> Your DC must be authoritative for the AD dns domain and whilst your 
> clients can use another dns server as a caching name server, the 
> caching name server must forward anything? for your AD dns domain to a 
> DC.
>
> Rowland
>
In case there was any misunderstanding due to my rattling on, the DC is 
the only DNS that the client is pointing to. I uncommented the 
forwarders section. Still the error persists.

kr