Tailscale and SMB file shares

2nd May 2025

Tailscale is good for getting basic IP connectivity but it introduces some complexity when the user needs INTERNAL DNS for domain authentication.

Case in point: a remote user is trying to connect to an SMB share. He has the software installed locally, and his laptop is NOT connected to the domain.
Testing shows the user can ping the file server but cannot connect to the share.

SOLVED:
Log into the Tailscale console as an administrator and click the DNS tab

Scroll down to Nameservers, and pull down “Add nameserver”

Choose to add a Custom nameserver

For Nameserver, type the IP address of your internal DNS server / Domain Controller

Enable Restrict to domain / Split DNS

Under Domain, enter your internal domain name (hint: it may end in .local)

Now all internal domain-related DNS queries will go to the Domain Controller, and your domain credentials will automatically be used for SMB shares, provided your laptop is part of the domain and you are logged in with a domain account. If you are not using a domain account, you will be prompted for valid domain credentials.
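
To confirm the change from the remote laptop, the following PowerShell check is an added example, not part of the original procedure. It assumes a Windows client; `corp.local` and `fileserver01.corp.local` are constructed placeholders, and `Test-SplitDnsForSmb` is a hypothetical helper name.

```powershell
# Added example: verify that split DNS is answering for the internal domain
# and that the file server is reachable on the SMB port.
# Placeholder values (constructed): replace with your own domain and server.
$Domain     = 'corp.local'
$FileServer = 'fileserver01.corp.local'

function Test-SplitDnsForSmb {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$FileServer
    )
    $result = [ordered]@{
        DcLocatorResolves = $false   # SRV record used to find a Domain Controller
        DomainControllers = @()
        FileServerIp      = $null
        Smb445Reachable   = $false
    }

    # 1. Domain authentication depends on the DC locator SRV record.
    #    This name only exists on the internal DNS server, so it fails
    #    if queries for the domain are not reaching the Domain Controller.
    try {
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
               Where-Object { $_.NameTarget }
        $result.DomainControllers = @($srv | ForEach-Object { $_.NameTarget })
        $result.DcLocatorResolves = $result.DomainControllers.Count -gt 0
    } catch {
        Write-Warning "SRV lookup failed for ${Domain}: $($_.Exception.Message)"
    }

    # 2. The file server's name must resolve through the same internal DNS.
    try {
        $a = Resolve-DnsName -Name $FileServer -Type A -ErrorAction Stop |
             Where-Object { $_.IPAddress } | Select-Object -First 1
        $result.FileServerIp = $a.IPAddress
    } catch {
        Write-Warning "A lookup failed for ${FileServer}: $($_.Exception.Message)"
    }

    # 3. Ping succeeding does not prove SMB works; test TCP 445 directly.
    $tcp = Test-NetConnection -ComputerName $FileServer -Port 445 -WarningAction SilentlyContinue
    $result.Smb445Reachable = [bool]$tcp.TcpTestSucceeded

    [pscustomobject]$result
}

Test-SplitDnsForSmb -Domain $Domain -FileServer $FileServer | Format-List
```

If `DcLocatorResolves` is false while `Smb445Reachable` is true, the laptop has connectivity but internal DNS is still not being used for the domain, which matches the "can ping but cannot connect" symptom above.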