Robert Wooden
2019-Jul-02 13:13 UTC
[Samba] W10 workstations not connecting to Samba 4.10.5 member
Last night I upgraded my AD domain controllers (Ubuntu18.04LTS) to Samba 4.10.5. These are a built from source install. This morning my Windows 10 workstations cannot connect to the member server (U18.04 and Samba 4.10.5) for find profiles and files needed. Here is my smb.conf: [global] workgroup = MYDOM server string = Samba Server Version %v security = ads realm = MYSHRM.DT use sendfile = true log level = 4 preferred master = no domain master = no dns proxy = no host msdfs = no idmap_ldb:use rfc2307 = yes idmap config * : backend = tdb idmap config * : range = 50001-80000 ##default was 10000-299999 ## map ids from the domain the range may not overlap ! idmap config MYDOM : backend = ad idmap config MYDOM : schema_mode = rfc2307 idmap config MYDOM : range = 10000-40000 ## default was 10000-99999 winbind nss info = rfc2307 ## winbind trusted domains only = no winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind refresh tickets = yes winbind offline logon = yes template shell = /bin/bash template homedir = /home/samba/MYDOM/users/%U # user Administrator workaround, without it you are unable to set privileges username map = /etc/samba/user.map # For ACL support on member file server ##### vfs objects = acl_xattr ##moved to profiles 2017-11-25 map acl inherit = yes ##### store dos attributes = yes ##moved to progfiles 2017-11-25 dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab # Share Setting Globally usershare allow guests = no unix extensions = no reset on zero vc = yes veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/ hide unreadable = yes # disable printing completely load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes restrict anonymous = 2 log file = /var/log/samba/log.%m max log size = 50 #============================ Share Definitions =========================== [data] comment = Shared MY data path = /home/samba/MYDOM/companydata read only = no force group = "domain users" directory mask = 0770 force directory mode = 0770 create mask = 0660 force create mode = 0660 follow symlinks = no wide links = no [home] path = /home/samba/MYDOM/users read only = no follow symlinks = yes wide links = yes [profiles$] comment = Users roaming profiles path = /home/samba/MYDOM/profiles # browseable = no read only = no admin users = +"MYDOM\domain admins" force create mode = 0600 force directory mode = 0700 profile acls = yes csc policy = disable vfs objects = acl_xattr store dos attributes = yes Is there something I am not aware of that requires a change to my smb.conf regarding Windows 10 and SMB1 or SMB2? -- Thank you. Bob Wooden
Rowland penny
2019-Jul-02 13:50 UTC
[Samba] W10 workstations not connecting to Samba 4.10.5 member
On 02/07/2019 14:13, Robert Wooden via samba wrote:> Last night I upgraded my AD domain controllers (Ubuntu18.04LTS) to Samba > 4.10.5. These are a built from source install. > > This morning my Windows 10 workstations cannot connect to the member server > (U18.04 and Samba 4.10.5) for find profiles and files needed. >This should only appear on an AD DC: idmap_ldb:use rfc2307 = yes This is the old way of doing things: winbind nss info = rfc2307 By moving 'vfs objects = acl_xattr' to the profiles share, no other share will use it. This parameter has been removed: profile acls = yes If fixing these doesn't solve your problems, try checking the logs on all machines involved. Rowland