Debugging some issues with my DFS client logic I found that Samba answers domain DFS root referral requests by pointing back to the domain name instead of the DFS namespace server (or DC respectively). It appears to reflect back the requested host/domain name, which works for standalone DFS but not domain-based.

    In Data
    Max Referral Level: 4
    File Name: \samba4ad.springfield\dfs
    ->
    Referral Version: 3
    Size: 34
    Server Type: Root targets returns (1)
    Flags: 0x0000
    TTL: 600
    Path Offset: 34
    Alt Path Offset: 86
    Node Offset: 138
    Server GUID: 00000000-0000-0000-0000-000000000000
    Path: \samba4ad.springfield\dfs
    Alt Path: \samba4ad.springfield\dfs
    Node: \samba4ad.springfield\dfs

While this may work by accident under some circumstances (domain A record pointing to the DC which is also the DFS namespace server, no Kerberos auth), this is definitely not the correct behavior (you never end up with an actual server name/SPN). Windows clients seem to ignore these referrals.

Windows 2019 response for comparison:

    In Data
    Max Referral Level: 4
    File Name: \w2k19single.springfield\dfs
    ->
    Referral Version: 4
    Size: 34
    Server Type: Root targets returns (1)
    Flags: 0x0004, TargetSetBoundary
    TTL: 300
    Path Offset: 34
    Alt Path Offset: 92
    Node Offset: 150
    Server GUID: 00000000-0000-0000-0000-000000000000
    Path: \w2k19single.springfield\dfs
    Alt Path: \w2k19single.springfield\dfs
    Node: \W2K19-SINGLE-DC.w2k19single.springfield\dfs

#11333 could be related.

Attaching some examples, can provide the PCAPs if needed (however, I will only be back in three weeks).
Created attachment 15831: Resolving domain referral (Samba)
Created attachment 15832: Resolving domain referral (Win2019, DC is DFS server)
Created attachment 15833: Resolving domain referral (Win2019, DC is not DFS server)
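
An added example (not code from the reporter or from Samba): a Python parser for the V3/V4 referral entries shown in the report, with a client-side check that flags a root referral whose Node host is just the requested name reflected back. The function names are hypothetical, the two sample responses are constructed from the field values quoted above, and the PathConsumed and header-flag values are assumptions because the report does not show them.

```python
import struct

ENTRY = struct.Struct("<HHHHIHHH16s")  # DFS_REFERRAL_V3/V4 fixed part (34 bytes)

def wstr(buf, off):
    """Read a NUL-terminated UTF-16LE string at byte offset off."""
    end = off
    while buf[end:end + 2] != b"\x00\x00":
        if end + 2 > len(buf):
            raise ValueError("unterminated string")
        end += 2
    return buf[off:end].decode("utf-16-le")

def parse_referrals(resp):
    """Parse a RESP_GET_DFS_REFERRAL body holding V3/V4 entries."""
    _consumed, count, _hflags = struct.unpack_from("<HHI", resp, 0)
    pos, out = 8, []
    for _ in range(count):
        ver, size, _stype, flags, ttl, p, a, n, _guid = ENTRY.unpack_from(resp, pos)
        if ver not in (3, 4) or flags & 0x0002:  # 0x0002 = NameListReferral layout
            raise ValueError("unsupported referral entry")
        e = resp[pos:]  # string offsets count from the start of the entry
        out.append({"version": ver, "ttl": ttl, "path": wstr(e, p),
                    "alt_path": wstr(e, a), "node": wstr(e, n)})
        pos += size
    return out

def host_of(unc):
    """First component of a \\host\\share path, lower-cased."""
    return unc.lstrip("\\").split("\\")[0].lower()

def reflected_targets(requested, resp):
    """Nodes whose host equals the requested name, so no server name/SPN results."""
    want = host_of(requested)
    return [r["node"] for r in parse_referrals(resp) if host_of(r["node"]) == want]

def build(ver, flags, ttl, path, node):
    """Constructed sample: one root-target entry (PathConsumed/header flags assumed)."""
    strings = [(s + "\0").encode("utf-16-le") for s in (path, path, node)]
    p = ENTRY.size
    a = p + len(strings[0])
    n = a + len(strings[1])
    entry = ENTRY.pack(ver, ENTRY.size, 1, flags, ttl, p, a, n, bytes(16))
    return struct.pack("<HHI", len(path) * 2, 1, 0) + entry + b"".join(strings)

# Constructed from the Samba and Windows 2019 field values quoted in the report.
SAMBA = build(3, 0x0000, 600, r"\samba4ad.springfield\dfs", r"\samba4ad.springfield\dfs")
WIN = build(4, 0x0004, 300, r"\w2k19single.springfield\dfs",
            r"\W2K19-SINGLE-DC.w2k19single.springfield\dfs")
```
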