Periko Support
2018-Apr-13  04:57 UTC
[Samba] Samba 4.2.6 PDC+Ldap Upgrade Reject Windows XP Boxes
Hi guys.
I finally upgraded my old CentOS 6 as PDC with Samba 3.6.x+LDAP 2.3.X
to CentOS 7 with Samba 4.6.2 and LDAP 2.4.
All my Windows 7, 8, 10 and WinServer 2012 R2 machines are working with no issue; users
can log in and see shared folders and shared printers.
But I still have 2 machines running Windows XP Pro (this month will
finally be the end) that can log in to the domain but cannot see
shared folders and printers.
Every time they try to access any machine or shared folders on servers,
the system asks for the username+password.
I have checked my settings but can't detect which parameter affects this OS.
My smb.conf is this one:
[global]
        workgroup = MYDOMAIN
        server string = PDC Domain Controller
        netbios name = PDC-SRV
        hosts allow = 192.168.1. 192.168.2. 127.
        interfaces = enp3s0 lo0
        bind interfaces only = Yes
        hosts deny = 0.0.0.0
        smb ports = 139 445
        remote announce = 192.168.1.255
        lanman auth = Yes
        client lanman auth = Yes
        security=USER
        server max protocol=NT1
        server min protocol=CORE
        allow trusted domains = Yes
        socket options = IPTOS_LOWDELAY TCP_NODELAY
# passwd backend
        encrypt passwords = yes
        passdb backend = ldapsam:ldap://127.0.0.1/
        pam password change= Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
        unix password sync = Yes
# Log options
        log level = 3
        log file = /var/log/samba/%m.log
        max log size = 2048
#        syslog = 1
# Name resolution
        name resolve order = wins bcast host lmhosts
# misc
        time server = No
#        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        use sendfile = yes
# Dos-Attribute
        map hidden = No
        map system = No
        map archive = No
        map read only = No
        store dos attributes = Yes
        Map to Guest = Bad User
# printers - configured to use CUPS and automatically load them
        load printers = No
        printcap name
#       printing
        cups options
        show add printer wizard = No
        add user script = /usr/sbin/smbldap-useradd -m %u
        delete user script = /usr/sbin/smbldap-userdel %u
        add group script = /usr/sbin/smbldap-groupadd -p %g
        delete group script = /usr/sbin/smbldap-groupdel %g
        add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
        delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
        set primary group script = /usr/sbin/smbldap-usermod -g %g %u
        add machine script = /usr/sbin/smbldap-useradd -w %u
# LDAP-Configuration
#ldap delete dn = Yes
        ldap ssl = off
        ldap passwd sync = Yes
        ldap suffix = dc=MYDOMAIN,dc=com
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap admin dn = cn=root,dc=MYDOMAIN,dc=com
# setting up as domain controller
        username map = /etc/samba/usermap
        preferred master = Yes
        wins support = Yes
        winbind nested groups = Yes
        ea support = Yes
        domain logons = Yes
        domain master = Yes
        local master = Yes
        map acl inherit = Yes
        unix charset = UTF8
        case sensitive = No
[netlogon]
        comment = Network Logon Service
        path = /home/samba/netlogon
        Locking = no
[homes]
        comment = Home Directories
        valid users = %S
        read only = No
        browseable = No
Any recommendation will be appreciated, thanks.
Periko Support
2018-Apr-13  05:06 UTC
[Samba] Samba 4.2.6 PDC+Ldap Upgrade Reject Windows XP Boxes
This log took my attention in smbd.log:

[2018/04/12 22:04:50.021325, 3] ../source3/lib/util_procid.c:54(pid_to_procid)
  pid_to_procid: messaging_dgm_get_unique failed: No such file or directory
[2018/04/12 22:04:53.832454, 3] ../lib/util/access.c:361(allow_access)
  Allowed connection from 192.168.1.102 (192.168.1.102)
[2018/04/12 22:05:02.461101, 3] ../lib/util/access.c:361(allow_access)
  Allowed connection from 192.168.1.116 (192.168.1.116)
[2018/04/12 22:05:02.517512, 3] ../source3/lib/util_procid.c:54(pid_to_procid)
  pid_to_procid: messaging_dgm_get_unique failed: No such file or directory

This is one of the XP machines.
Andrew Bartlett
2018-Apr-13  06:05 UTC
[Samba] Samba 4.2.6 PDC+Ldap Upgrade Reject Windows XP Boxes
On Thu, 2018-04-12 at 21:57 -0700, Periko Support via samba wrote:
> Hi guys.
>
> I finally upgrade my old centos 6 as PDC with samba 3.6.x+LDAP 2.3.X
> to centos 7 with Samba 4.6.2 and ldap 2.4
>
> All my windows 7,8,10, Winserver 2012 R2 are working no issue, users
> can login and see share folders and share printers.
>
> But I still have 2 machines running windows xp pro(this month will be
> the end finally) that can login into the domain but they cannot see
> share folders and printers.
>
> Every time they try to access any machine or share folders on servers,
> the system request to input the username+password.
>
> I had check my settings but don't detect which parameter affect this OS.

NTLMv2 is the default now. Set ntlm auth = yes or make the client do
NTLMv2 (better).

--
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
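An audit sketch for the trade-off in the reply above, added here as an example (not part of the thread and not Samba's own code): it parses the [global] section of an smb.conf and lists the settings that keep pre-NTLMv2 authentication available, so a workaround such as "ntlm auth = yes" can be tracked and removed once the XP machines are retired. The sample config is constructed from the post plus the suggested workaround, and the function names are illustrative.

```python
import re

TRUE = {"yes", "true", "on", "1"}
SMB1_DIALECTS = {"core", "coreplus", "lanman1", "lanman2", "nt1"}

# Constructed sample: the [global] lines from the post that matter here,
# plus the "ntlm auth = yes" workaround suggested in the reply.
SAMPLE = """\
[global]
        lanman auth = Yes
        client lanman auth = Yes
        security=USER
        server max protocol=NT1
        server min protocol=CORE
#       ntlm auth = no
        ntlm auth = yes
[homes]
        read only = No
"""

def parse_global(text):
    """Return the [global] parameters as {normalized name: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def legacy_auth_findings(text):
    """List explicitly set options that allow pre-NTLMv2 authentication."""
    p, out = parse_global(text), []
    if p.get("ntlmauth", "").lower() in TRUE | {"ntlmv1-permitted"}:
        out.append("ntlm auth: NTLMv1 responses accepted")
    for key, label in (("lanmanauth", "lanman auth"),
                       ("clientlanmanauth", "client lanman auth")):
        if p.get(key, "").lower() in TRUE:
            out.append(f"{label}: LANMAN authentication enabled")
    if p.get("serverminprotocol", "").lower() in SMB1_DIALECTS:
        out.append("server min protocol: SMB1 dialects allowed")
    return out

if __name__ == "__main__":
    for finding in legacy_auth_findings(SAMPLE):
        print("WEAK:", finding)
```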
Periko Support
2018-Apr-13  15:49 UTC
[Samba] Samba 4.2.6 PDC+Ldap Upgrade Reject Windows XP Boxes
Andrew, you are right, that parameter fixed my issue.

Thanks a lot, have a great weekend!!!