Rowland Penny
2024-Jan-03 17:57 UTC
[Samba] {Device Timeout} The I/O operation specified in %hs was not completed before the timeout period expired
On Wed, 3 Jan 2024 14:42:54 -0300 Elias Pereira <empbilly at gmail.com> wrote:

> > and not between your DCs.
>
> You're right. If it's on the same network/vlan, it doesn't go through
> the gateway/firewall.

I am not sure what you are trying to say, but your pfsense device shouldn't come into your AD domain dns. Your AD clients (and this includes the DCs) should look to AD to find each other and anything outside the AD dns domain should be forwarded to a dns server outside the AD domain. If you are going to use a firewall, it should be a software type running on each DC/AD client.

Rowland

Elias Pereira
2024-Jan-03 18:24 UTC
[Samba] {Device Timeout} The I/O operation specified in %hs was not completed before the timeout period expired
> I am not sure what you are trying to say, but your pfsense device
> shouldn't come into your AD domain dns.

I mean that between the DCs, pfsense won't block them because they're on the same vlan.

> Your AD clients (and this
> includes the DCs) should look to AD to find each other and anything
> outside the AD dns domain should be forwarded to a dns server outside
> the AD domain.

And yes, the configuration of the DCs is as you described. The clients receive the DCs' IPs as DNS via pfsense DHCP and bind9 forwards what doesn't belong to the DCs to our authoritative DNS.

root@dc2:~# netstat -plaunt | egrep "ntp|bind|named|samba|?mbd"
https://pastebin.com/raw/NbECKVB8 (output from command netstat)

Regarding the command above, I think the ports are OK?

Can you test the command below on one of your DCs?

nmap -p 53,88,123,135,137,138,139,389,445,464,636,3268,3269 -sV <DC IP>

--
Elias Pereira
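
As an added example (not part of the thread or of Samba), the script below checks `netstat -plaunt` output for a local listener on each port from the nmap command above, on the protocol each service uses: 123, 137 and 138 are UDP services, which a TCP scan does not exercise. The names `DC_PORTS`, `missing_dc_listeners` and `sample_netstat`, the TCP/UDP assignment per port, and the sample output are assumptions constructed for illustration.

```shell
# Added example, not from the thread. The port numbers are the ones in the
# nmap command; the TCP/UDP assignment per port is an assumption.
DC_PORTS="tcp/53 udp/53 tcp/88 udp/88 udp/123 tcp/135 udp/137 udp/138 tcp/139 \
tcp/389 udp/389 tcp/445 tcp/464 udp/464 tcp/636 tcp/3268 tcp/3269"

# Reads `netstat -plaunt` output on stdin and prints each expected pair that
# has no listening (TCP) or unconnected (UDP) socket.
missing_dc_listeners() {
  awk -v list="$DC_PORTS" '
    BEGIN { n = split(list, want, " ") }
    $1 ~ /^(tcp|udp)6?$/ {
      proto = substr($1, 1, 3)                      # fold tcp6/udp6 into tcp/udp
      if (proto == "tcp" && $6 != "LISTEN") next    # skip ESTABLISHED, TIME_WAIT...
      if (proto == "udp" && $5 !~ /:\*$/) next      # skip connected UDP sockets
      port = $4; sub(/^.*:/, "", port)              # 0.0.0.0:445 or :::445 -> 445
      seen[proto "/" port] = 1
    }
    END { for (i = 1; i <= n; i++) if (!(want[i] in seen)) print want[i] }
  '
}

# Constructed sample output (not the pastebin content): ntpd is not running
# and 3269 appears only as a TIME_WAIT connection, so both are reported.
sample_netstat() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address   State      PID/Program name
tcp        0      0 10.0.0.2:53       0.0.0.0:*         LISTEN     801/named
tcp        0      0 0.0.0.0:88        0.0.0.0:*         LISTEN     910/samba
tcp        0      0 0.0.0.0:135       0.0.0.0:*         LISTEN     905/samba
tcp        0      0 0.0.0.0:139       0.0.0.0:*         LISTEN     930/smbd
tcp        0      0 0.0.0.0:389       0.0.0.0:*         LISTEN     908/samba
tcp6       0      0 :::445            :::*              LISTEN     930/smbd
tcp        0      0 0.0.0.0:464       0.0.0.0:*         LISTEN     910/samba
tcp        0      0 0.0.0.0:636       0.0.0.0:*         LISTEN     908/samba
tcp        0      0 0.0.0.0:3268      0.0.0.0:*         LISTEN     908/samba
tcp        0      0 10.0.0.2:3269     10.0.0.9:50122    TIME_WAIT  -
udp        0      0 10.0.0.2:53       0.0.0.0:*                    801/named
udp        0      0 0.0.0.0:88        0.0.0.0:*                    910/samba
udp        0      0 10.0.0.2:137      0.0.0.0:*                    940/nmbd
udp        0      0 10.0.0.2:138      0.0.0.0:*                    940/nmbd
udp        0      0 0.0.0.0:389       0.0.0.0:*                    909/samba
udp        0      0 0.0.0.0:464       0.0.0.0:*                    910/samba
EOF
}

sample_netstat | missing_dc_listeners   # on a DC: netstat -plaunt | missing_dc_listeners
```

No output means every expected socket is present on the host; it says nothing about whether a firewall between hosts lets the traffic through.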