On 3/1/21 8:40 AM, Rowland penny via samba wrote:
> On 01/03/2021 13:15, K. R. Foley wrote:
>>
>> On 3/1/21 2:26 AM, Rowland penny via samba wrote:
>>> On 28/02/2021 21:23, K. R. Foley wrote:
>>>>
>>>> On 2/28/21 2:52 PM, Rowland penny via samba wrote:
>>>>> On 28/02/2021 20:30, K. R. Foley wrote:
>>>>>>
>>>>>> Contents of /etc/named.conf
>>>>>>
>>>>>> # Global Configuration Options
>>>>>> options {
>>>>>>
>>>>>>     # Forward queries that can not be answered from own zones
>>>>>>     # to these DNS servers:
>>>>>> #    forwarders {
>>>>>> #        8.8.8.8;
>>>>>> #        8.8.4.4;
>>>>>> #    };
>>>>>>
>>>>>
>>>>> Are your clients using something else for their nameserver and if
>>>>> so, what ?
>>>> No. Currently only this server so I can control everything.
>>>>>
>>>>> If there is another nameserver is this forwarding the AD dns
>>>>> domain to the DC ?
>>>>>
>>>>> If none of the above applies and you want your clients to have
>>>>> internet access, uncomment the 'forwarders' lines.
>>>>
>>>> The client already has access to the internet. The name server on
>>>> this server acts as a caching name server and resolves names
>>>> itself. That is why I have the forwarders disabled.
>>>
>>>
>>> Your DC must be authoritative for the AD dns domain and whilst your
>>> clients can use another dns server as a caching name server, the
>>> caching name server must forward anything for your AD dns domain to
>>> a DC.
>>>
>>> Rowland
>>>
>> In case there was any misunderstanding due to my rattling on, the DC
>> is the only DNS that the client is pointing to. I uncommented the
>> forwarders section. Still the error persists.
>>
>> kr
>>
>
> Everything seems okay, just about the only other things I can think of
> are:
>
> Is a firewall getting in the way, AD uses a lot more ports than an
> NT4-style domain.
>
> How are you starting Samba, You should just be starting the 'samba'
> daemon which will start any other required daemons.
>
> Rowland
>

The firewall is disabled on the client PC. The client and the server are on 2 separate subnets separated by a VPN. I am not aware of any filtering going on between the two, but I can't say for sure without checking. Is there a list of ports somewhere that I can check to make sure that they are all being routed over the VPN? I have already checked everything that I can see in netstat on the server.

Keep in mind that the client can join the domain fine if I enable SMB1 on the client. I don't want to use SMB1. That is why I am trying to figure this out. The client seems to think that the server is asking for SMB1.

Is it possible that I have something else mis-configured on the client?

Are there additional ports that are used by SMB2/3 that are not used by SMB1? If so, what are they?

kr
On 01/03/2021 15:04, K. R. Foley wrote:
>
> The firewall is disabled on the client PC. The client and the server
> are on 2 separate subnets separated by a VPN. I am not aware of any
> filtering going on between the two, but I can't say for sure without
> checking. Is there a list of ports somewhere that I can check to make
> sure that they are all being routed over the VPN? I have already
> checked everything that I can see in netstat on the server.

For port usage, see these wiki pages:

https://wiki.samba.org/index.php/Samba_NT4_PDC_Port_Usage
https://wiki.samba.org/index.php/Samba_Domain_Member_Port_Usage
https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage

>
> Keep in mind that the client can join the domain fine if I enable SMB1
> on the client. I don't want to use SMB1. That is why I am trying to
> figure this out. The client seems to think that the server is asking
> for SMB1.

This is what I am struggling with, by default SMBv1 is turned off from Samba 4.11.0, if you want to use SMBv1 then you have to explicitly set it in smb.conf. You haven't set it, so your DC shouldn't be using it, perhaps it is the client that is using it ?

Rowland
cn at brain-biotech.de
2021-Mar-01 15:20 UTC
[Samba] Windows 10 cannot connect without SMB1
On 01.03.21 at 16:04, K. R. Foley via samba wrote:
> The firewall is disabled on the client PC. The client and the server are
> on 2 separate subnets separated by a VPN. I am not aware of any
> filtering going on between the two, but I can't say for sure without
> checking. Is there a list of ports somewhere that I can check to make
> sure that they are all being routed over the VPN? I have already checked
> everything that I can see in netstat on the server.

Check this:

https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage

>
> Keep in mind that the client can join the domain fine if I enable SMB1
> on the client. I don't want to use SMB1. That is why I am trying to
> figure this out. The client seems to think that the server is asking for
> SMB1.
>
> Is it possible that I have something else mis-configured on the client?
>
> Are there additional ports that are used by SMB2/3 that are not used by
> SMB1? If so, what are they?

These are only for SMB1/Netbios

NetBIOS Name Service    137 udp
NetBIOS Datagram        138 udp
NetBIOS Session         139 tcp

For smb2-3 you need

SMB over TCP            445 tcp

Regards

Christian

--
Dr. Christian Naumer
Vice President
Unit Head Bioprocess Development
B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11
Registered office: Zwingenberg/Bergstrasse
Register court: AG Darmstadt, HRB 24758
Management Board: Adriaan Moelker (Chairman), Lukas Linnig
Chairman of the Supervisory Board: Dr. Georg Kellinghusen