On 01/03/2021 13:15, K. R. Foley wrote:
>
> On 3/1/21 2:26 AM, Rowland penny via samba wrote:
>> On 28/02/2021 21:23, K. R. Foley wrote:
>>>
>>> On 2/28/21 2:52 PM, Rowland penny via samba wrote:
>>>> On 28/02/2021 20:30, K. R. Foley wrote:
>>>>>
>>>>> Contents of /etc/named.conf
>>>>>
>>>>> # Global Configuration Options
>>>>> options {
>>>>>
>>>>>     # Forward queries that can not be answered from own zones
>>>>>     # to these DNS servers:
>>>>> #    forwarders {
>>>>> #        8.8.8.8;
>>>>> #        8.8.4.4;
>>>>> #    };
>>>>>
>>>>
>>>> Are your clients using something else for their nameserver and if
>>>> so, what ?
>>> No. Currently only this server so I can control everything.
>>>>
>>>> If there is another nameserver is this forwarding the AD dns domain
>>>> to the DC ?
>>>>
>>>> If none of the above applies and you want your clients to have
>>>> internet access, uncomment the 'forwarders' lines.
>>>
>>> The client already has access to the internet. The name server on
>>> this server acts as a caching name server and resolves names itself.
>>> That is why I have the forwarders disabled.
>>
>>
>> Your DC must be authoritative for the AD dns domain and whilst your
>> clients can use another dns server as a caching name server, the
>> caching name server must forward anything for your AD dns domain to
>> a DC.
>>
>> Rowland
>>
> In case there was any misunderstanding due to my rattling on, the DC
> is the only DNS that the client is pointing to. I uncommented the
> forwarders section. Still the error persists.
>
> kr
>

Everything seems okay, just about the only other things I can think of
are:

Is a firewall getting in the way? AD uses a lot more ports than an
NT4-style domain.

How are you starting Samba? You should just be starting the 'samba'
daemon which will start any other required daemons.

Rowland

On 3/1/21 8:40 AM, Rowland penny via samba wrote:
> On 01/03/2021 13:15, K. R. Foley wrote:
>>
>> On 3/1/21 2:26 AM, Rowland penny via samba wrote:
>>> On 28/02/2021 21:23, K. R. Foley wrote:
>>>>
>>>> On 2/28/21 2:52 PM, Rowland penny via samba wrote:
>>>>> On 28/02/2021 20:30, K. R. Foley wrote:
>>>>>>
>>>>>> Contents of /etc/named.conf
>>>>>>
>>>>>> # Global Configuration Options
>>>>>> options {
>>>>>>
>>>>>>     # Forward queries that can not be answered from own zones
>>>>>>     # to these DNS servers:
>>>>>> #    forwarders {
>>>>>> #        8.8.8.8;
>>>>>> #        8.8.4.4;
>>>>>> #    };
>>>>>>
>>>>>
>>>>> Are your clients using something else for their nameserver and if
>>>>> so, what ?
>>>> No. Currently only this server so I can control everything.
>>>>>
>>>>> If there is another nameserver is this forwarding the AD dns
>>>>> domain to the DC ?
>>>>>
>>>>> If none of the above applies and you want your clients to have
>>>>> internet access, uncomment the 'forwarders' lines.
>>>>
>>>> The client already has access to the internet. The name server on
>>>> this server acts as a caching name server and resolves names
>>>> itself. That is why I have the forwarders disabled.
>>>
>>>
>>> Your DC must be authoritative for the AD dns domain and whilst your
>>> clients can use another dns server as a caching name server, the
>>> caching name server must forward anything for your AD dns domain to
>>> a DC.
>>>
>>> Rowland
>>>
>> In case there was any misunderstanding due to my rattling on, the DC
>> is the only DNS that the client is pointing to. I uncommented the
>> forwarders section. Still the error persists.
>>
>> kr
>>
>
> Everything seems okay, just about the only other things I can think of
> are:
>
> Is a firewall getting in the way? AD uses a lot more ports than an
> NT4-style domain.
>
> How are you starting Samba? You should just be starting the 'samba'
> daemon which will start any other required daemons.
>
> Rowland
>

The firewall is disabled on the client PC. The client and the server are
on 2 separate subnets separated by a VPN. I am not aware of any
filtering going on between the two, but I can't say for sure without
checking. Is there a list of ports somewhere that I can check to make
sure that they are all being routed over the VPN? I have already checked
everything that I can see in netstat on the server.

Keep in mind that the client can join the domain fine if I enable SMB1
on the client. I don't want to use SMB1. That is why I am trying to
figure this out. The client seems to think that the server is asking for
SMB1.

Is it possible that I have something else mis-configured on the client?

Are there additional ports that are used by SMB2/3 that are not used by
SMB1? If so, what are they?

kr

Try this.

Disconnect all network drives from W10.
Open dos box:

    net use L: \\server.FQDN\share /user:username@REALM.TLD

Did that work?

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of K. R. Foley via samba
> Sent: Monday 1 March 2021 16:05
> To: Rowland penny; sambalist
> Subject: Re: [Samba] Windows 10 cannot connect without SMB1
>
> On 3/1/21 8:40 AM, Rowland penny via samba wrote:
> > On 01/03/2021 13:15, K. R. Foley wrote:
> >>
> >> On 3/1/21 2:26 AM, Rowland penny via samba wrote:
> >>> On 28/02/2021 21:23, K. R. Foley wrote:
> >>>>
> >>>> On 2/28/21 2:52 PM, Rowland penny via samba wrote:
> >>>>> On 28/02/2021 20:30, K. R. Foley wrote:
> >>>>>>
> >>>>>> Contents of /etc/named.conf
> >>>>>>
> >>>>>> # Global Configuration Options
> >>>>>> options {
> >>>>>>
> >>>>>>     # Forward queries that can not be answered from own zones
> >>>>>>     # to these DNS servers:
> >>>>>> #    forwarders {
> >>>>>> #        8.8.8.8;
> >>>>>> #        8.8.4.4;
> >>>>>> #    };
> >>>>>>
> >>>>>
> >>>>> Are your clients using something else for their nameserver and if
> >>>>> so, what ?
> >>>> No. Currently only this server so I can control everything.
> >>>>>
> >>>>> If there is another nameserver is this forwarding the AD dns
> >>>>> domain to the DC ?
> >>>>>
> >>>>> If none of the above applies and you want your clients to have
> >>>>> internet access, uncomment the 'forwarders' lines.
> >>>>
> >>>> The client already has access to the internet. The name server on
> >>>> this server acts as a caching name server and resolves names
> >>>> itself. That is why I have the forwarders disabled.
> >>>
> >>>
> >>> Your DC must be authoritative for the AD dns domain and whilst your
> >>> clients can use another dns server as a caching name server, the
> >>> caching name server must forward anything for your AD dns domain to
> >>> a DC.
> >>>
> >>> Rowland
> >>>
> >> In case there was any misunderstanding due to my rattling on, the DC
> >> is the only DNS that the client is pointing to. I uncommented the
> >> forwarders section. Still the error persists.
> >>
> >> kr
> >>
> >
> > Everything seems okay, just about the only other things I can think of
> > are:
> >
> > Is a firewall getting in the way? AD uses a lot more ports than an
> > NT4-style domain.
> >
> > How are you starting Samba? You should just be starting the 'samba'
> > daemon which will start any other required daemons.
> >
> > Rowland
> >
> The firewall is disabled on the client PC. The client and the server are
> on 2 separate subnets separated by a VPN. I am not aware of any
> filtering going on between the two, but I can't say for sure without
> checking. Is there a list of ports somewhere that I can check to make
> sure that they are all being routed over the VPN? I have already checked
> everything that I can see in netstat on the server.
>
> Keep in mind that the client can join the domain fine if I enable SMB1
> on the client. I don't want to use SMB1. That is why I am trying to
> figure this out. The client seems to think that the server is asking for
> SMB1.
>
> Is it possible that I have something else mis-configured on the client?
>
> Are there additional ports that are used by SMB2/3 that are not used by
> SMB1? If so, what are they?
>
> kr