samba - Jul 2019 - W10 workstations not connecting to Samba 4.10.5 member

Last night I upgraded my AD domain controllers (Ubuntu18.04LTS) to Samba
4.10.5. These are a built from source install.

This morning my Windows 10 workstations cannot connect to the member server
(U18.04 and Samba 4.10.5) for find profiles and files needed.

Here is my smb.conf:

[global]
workgroup = MYDOM
server string = Samba Server Version %v

security = ads

realm = MYSHRM.DT

use sendfile = true

log level = 4


preferred master = no

domain master = no

dns proxy = no


host msdfs = no


idmap_ldb:use rfc2307 = yes

idmap config * : backend = tdb

idmap config * : range = 50001-80000 ##default was 10000-299999

## map ids from the domain the range may not overlap !

idmap config MYDOM : backend = ad

idmap config MYDOM : schema_mode = rfc2307

idmap config MYDOM : range = 10000-40000 ## default was 10000-99999

winbind nss info = rfc2307

## winbind trusted domains only = no

winbind enum users = yes

winbind enum groups = yes

winbind use default domain = yes

winbind refresh tickets = yes

winbind offline logon = yes


template shell = /bin/bash

template homedir = /home/samba/MYDOM/users/%U


# user Administrator workaround, without it you are unable to set privileges

username map = /etc/samba/user.map


# For ACL support on member file server


##### vfs objects = acl_xattr ##moved to profiles 2017-11-25

map acl inherit = yes

##### store dos attributes = yes ##moved to progfiles 2017-11-25


dedicated keytab file = /etc/krb5.keytab

kerberos method = secrets and keytab


# Share Setting Globally

usershare allow guests = no

unix extensions = no

reset on zero vc = yes

veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/

hide unreadable = yes


# disable printing completely

load printers = no

printing = bsd

printcap name = /dev/null

disable spoolss = yes


restrict anonymous = 2

log file = /var/log/samba/log.%m

max log size = 50


#============================ Share Definitions ===========================

[data]

comment = Shared MY data

path = /home/samba/MYDOM/companydata

read only = no

force group = "domain users"

directory mask = 0770

force directory mode = 0770

create mask = 0660

force create mode = 0660

follow symlinks = no

wide links = no


[home]

path = /home/samba/MYDOM/users

read only = no

follow symlinks = yes

wide links = yes


[profiles$]

comment = Users roaming profiles

path = /home/samba/MYDOM/profiles

# browseable = no

read only = no

admin users = +"MYDOM\domain admins"

force create mode = 0600

force directory mode = 0700

profile acls = yes

csc policy = disable

vfs objects = acl_xattr

store dos attributes = yes


Is there something I am not aware of that requires a change to my smb.conf
regarding Windows 10 and SMB1 or SMB2?

-- 
Thank you.

Bob Wooden

On 02/07/2019 14:13, Robert Wooden via samba wrote:
> Last night I upgraded my AD domain controllers (Ubuntu18.04LTS) to Samba
> 4.10.5. These are a built from source install.
>
> This morning my Windows 10 workstations cannot connect to the member server
> (U18.04 and Samba 4.10.5) for find profiles and files needed.
>
This should only appear on an AD DC:

idmap_ldb:use rfc2307 = yes

This is the old way of doing things:

winbind nss info = rfc2307

By moving 'vfs objects = acl_xattr' to the profiles share, no other 
share will use it.

This parameter has been removed:

profile acls = yes

If fixing these doesn't solve your problems, try checking the logs on 
all machines involved.

Rowland