Web lists-archives.com

Re: [Samba] Windows clients keep losing connections (FQDN and hostname)




On Mon, 25 Mar 2019 11:23:10 +0000
Zendal Darkman via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Connecting to \\server.domain.xx.uk\share
> and \\server\share, works but we tend to lose "\\server\share" within
> a few days, *but starts working again*.
> \\FQDN\share eventually stops, with windows reporting "network path
> not found". If I do a "net use" I can see several connections to
> \\fqdn\share, and running "net use * /delete", brings back  the the
> ability to connect to \\fqdn\share.
> 
> windows machines experience this at different stages. So one machine
> may lose connection,but another keeps working.
> 
> I should add that if I use  \\<IP>\share, it work's but I don't know
> yet if that will  keeps dropping.
> 
> HOWEVER, the most important thing is there are some odd firewall rules
> between workstations /samba servers, and the rest of organisations
> servers including servers such as DNS, domain controllers. The rules
> allow a vanilla samba "net join" (although we cant do a DNS update:
> DNS is hardcoded on the DNS servers and correct) . 

Where are the DNS servers and what are they ?

>All works but for
> the occasional drop of connections.
> 
> I'm thinking "wins".

Sounds more like a DNS problem.

>Like many others before me wonder why ping <fqdn>
> give the correct IP, but \\fqdn\ does not work when \\<ip> does. I'm
> not familiar with wins. I was thinking wins is not used for fqdn.

'wins' uses NetBIOS, so it maps the IP to the Netbios name.

> 
> My smb is below anything marked with ### is a comment I have put into
> this email (not present in actual smb.conf)
> 
> [global]
> security = ADS
> workgroup = domain ###Is this needed?

Yes it is, provided 'domain' is the NetBIOS domain name.

> realm = domain.xx.uk
> 
> log file = /var/log/samba/%m.log
> log level = 4
> 
> min protocol = smb2   ####possible cause of issue?
> smb encrypt = mandatory
> 
> local master = no
> domain master = no
> preferred master = no
> wins support = no
> wins proxy = no
> dns proxy = no
> 
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> 
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config xx : backend = rid
> idmap config xx : range = 10000-5999999

Here you are using 'xx' for the NetBIOS (or workgroup) name, but
further up it is used as the middle part of the DNS domain
'domain.xx.uk', now this is okay, but only if this is the actual AD
Netbios domain name.
 
Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba