Samba4 no longer supports clients with windows xp, because I have updated the samba to version 4.11.6 and workstations with xp are no longer allowed to join, it gives an error that there are many remote connections that can be made , it does so for both domain controllers and file servers with that version of samba -- M.Sc. Eduardo Miranda Hidalgo Especialista Superior en TICAEST UEB Holgu?n Tel?fono: 24 468888 ext 510 M?vil: 52145739 eduardo.miranda at desoft.cu Somos uno, somos Desoft.
On 06/03/2020 20:34, Eduardo Miranda Hidalgo via samba wrote:> Samba4 no longer supports clients with windows xp, because I have updated the samba to version 4.11.6 and workstations with xp are no longer allowed to join, it gives an error that there are many remote connections that can be made , it does so for both domain controllers and file servers with that version of sambaThis is possibly being caused by NTLMv1 now being turned off by default and/or 'server min protocol' & 'client min protocol' now being set to SMB2 by default. Having said that, you really shouldn't be using XP any more, it is insecure and EOL, the only really reason I can think for using it would be if some high value machine is controlled by it and XP cannot be replaced by a later version. Rowland
Il 06/03/20 22:11, Rowland penny via samba ha scritto:> [...] the only really reason I can think for using it would be if some > high value machine is controlled by it and XP cannot be replaced by a > later version.Hi Rowland , yes, and it is not an hypothetical world it's a real world. For example we have at least 20 clients XP that can't be replaced because they controls old very high value machines (we have to spend tens of thousands dollars each to replace them and we want replace them but we need time: we replace one or two machine per year not more, we can't do more). Actually we have replaced all win2k clients and we need at least fifteen years to see XP replaced. And we would like that samba remains compatible with XP for some years more... Have a great day Piviul
Il 07/03/20 21:27, Reindl Harald ha scritto:> but given that such machines must not be in the normal environment > anyways why do you need the latest and greatest samba?but the same user can work on an old winxp or latest win10 machine and have to share and access the same files that have to be shared between the network. So old and new have to coexists> use RHEL8 or something with 10 years support and plug the network with > the xp machines on a second NIC for security > > and 15 years: forget it, at least if you care for security update son > teh serveryes but it is not so simple. Some service has to be upgraded for a lot of reasons but can't because breaks some compatibility. When a retro compatibility is broken there are a lot of aspect to evaluate...> i still need to understand why the most expensive stuff is the sloppiest > crap and that "high value machines for tens of thousands dollars" can't > be controlled by anything not older than 20 yearsbecause old 20 years machine can do the same work than can do new machines. Yes frequently happens that new machines can do his task faster or can do some task more in the same time and that seems to be a good reason to upgrade them; but if you don't need this more fastness or the more tasks they do, you have to upgrade only because the OS of the PC that control it is too old... or often happens that a new machines are placed side by side with the old ones and the olds one are employed rarely but when them are employed they have to access the same network and access the same shared data... Any way I can understand that for developers retro-compatibility is a hard task... Best regards Piviul
On Sun, Mar 8, 2020 at 4:36 PM Piviul via samba <samba at lists.samba.org> wrote:> > Il 07/03/20 21:27, Reindl Harald ha scritto: > > but given that such machines must not be in the normal environment > > anyways why do you need the latest and greatest samba? > but the same user can work on an old winxp or latest win10 machine and > have to share and access the same files that have to be shared between > the network. So old and new have to coexistsHaving to maintain old environments, or upgrading them to something contemporary, is an old, old problem. It's the worst when the old hardware can no longer be obtained, and the backup media can no longer be read. Been there, done that, with ATA drives no longer manufactured and magtapes from NASA data no longer legible on contemporary, higher mag-tape drives, and fiscal data stored on old SCO OpenServer systems for which intervening license and software updates were no longer available. The data involved was mortgages and other real estate documents, involving 30-year mortgages, so it *had* to be accessible for decades. Samba access to fileservers was critical. Maintaining compatibility with newer file services and access control was not trivial, and it was not cheap in consulting time, and I was permitted to publish my notes. So I absolutely sympathize with your difficulty.> > use RHEL8 or something with 10 years support and plug the network with > > the xp machines on a second NIC for security > > > > and 15 years: forget it, at least if you care for security update son > > teh server > yes but it is not so simple. Some service has to be upgraded for a lot > of reasons but can't because breaks some compatibility. When a retro > compatibility is broken there are a lot of aspect to evaluate...Oh, dear lord, yes. This used to be a big chunk of contracting work for me as I was doing international travel to support my ex-wife's career.> > i still need to understand why the most expensive stuff is the sloppiest > > crap and that "high value machines for tens of thousands dollars" can't > > be controlled by anything not older than 20 years > because old 20 years machine can do the same work than can do new > machines. Yes frequently happens that new machines can do his task > faster or can do some task more in the same time and that seems to be a > good reason to upgrade them; but if you don't need this more fastness or > the more tasks they do, you have to upgrade only because the OS of the > PC that control it is too old... or often happens that a new machines > are placed side by side with the old ones and the olds one are employed > rarely but when them are employed they have to access the same network > and access the same shared data...The same is very true in academic environments, where money for upgrades is very limited. There is also a real reluctance to introduce the leading edge of the "bathtub curve" for failures of new system.> Any way I can understand that for developers retro-compatibility is a > hard task...It's one of the things that DevOps personnel get paid for. I am eternally grateful to the older engineers who *tolerated* and educated me in existing technologies as a new sys-admin back in the day, and hope I paid off their investment with introducing them to tools like Samba for multi-platform work back in the 1990's.