I have a client with 10+ Windows 10/32-bit clients and 3 Windows 7/32-bit. I converted them today to Samba 4.12, and after some fixes, I now have working shares and roaming profiles for the Win 10 clients. However, the Win7 clients dont get the shares mapped at logon properly (at all). I tried to run the netlogon script manually from Windows/Sysvol/sysvol/<domain>/scripts after mounting the DC's C$. The clients asked for credentials for each mapping which obviously is wrong. So my question is; does Win 7 behave differently than Win 10? The shares are the same as for the Win 10 clients, including the home directories. The logon server is a Windows 2019 server. I cant find anything in the Windows event log that relates to logon problems. (server and domain names obfuscated) [global] netbios name = XXXXX bind interfaces only = yes interfaces = lo ens3 realm = HXXX.SE server role = MEMBER SERVER security = ADS workgroup = HXXX username map = /etc/samba/user.map idmap_ldb:use rfc2307 = yes idmap config * : backend = tdb idmap config * : range = 10000-20000 idmap config XXX : backend = rid idmap config XXX : range = 30000-40000 dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind refresh tickets = yes winbind offline logon = yes winbind enum users = yes winbind enum groups = yes winbind nested groups = yes winbind expand groups = yes winbind use default domain = yes os level = 20 domain master = no local master = no preferred master = no map to guest = bad user host msdfs = no client min protocol = SMB2 client max protocol = SMB3 client use spnego = yes client ntlmv2 auth = yes unix extensions = no reset on zero vc = yes hide unreadable = yes acl group control = yes acl map full control = yes map acl inherit = yes ea support = yes vfs objects = acl_xattr store dos attributes = yes dos filemode = yes dos filetimes = yes restrict anonymous = 2 strict allocate = yes guest ok = no load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes [Users] comment = "User home directories" path = /share2/Users read only = no [Profiles] comment = "Roaming profiles" path = /share2/profiles read only = no [Dokument] comment = "Dokument" path = /share2/Dokument read only = no [Program] comment = "Applikationer" path = /share2/Applikationer read only = no [SYS] comment = "Industriapplikationer" path = /share2/SYS read only = no -- ----------------------------------------------------------------------------------------------------------------------- This signature contains 100% recyclable electrons as prescribed by Mother Nature Anders ?stling +46 768 716 165 (Mobil) +46 431 45 56 01 (Hem)
On 17/06/2020 17:27, Anders ?stling via samba wrote:> So my question is; does Win 7 behave differently than Win 10? The shares > are the same as for the Win 10 clients, including the home directories.Yes, unless you have changed things. Win 7 uses SMBv1 and Win 10 doesn't> [global] > > workgroup = HXXX > idmap config XXX : backend = ridThe Workgroup name should be what is set in the 'idmap config' lines, typo ?> winbind enum users = yes > winbind enum groups = yesI would suggest you remove the two lines above once everything is working correctly, you do not need them.> client min protocol = SMB2 > client max protocol = SMB3 > client use spnego = yes > client ntlmv2 auth = yesThose are a bit redundant, they are the defaults Remember what I said about Win7 using SMBv1, well Samba 4.12.x doesn't by default, this is probably your problem. Rowland
Hi Rowland, and thank you for quick feedback On Wed, Jun 17, 2020 at 6:45 PM Rowland penny via samba < samba at lists.samba.org> wrote:> On 17/06/2020 17:27, Anders ?stling via samba wrote: > > So my question is; does Win 7 behave differently than Win 10? The shares > > are the same as for the Win 10 clients, including the home directories. > Yes, unless you have changed things. Win 7 uses SMBv1 and Win 10 doesn't >Are you aware of a method to force the Win7 clients to use SMBv2?> > [global] > > > > workgroup = HXXX > > idmap config XXX : backend = rid > The Workgroup name should be what is set in the 'idmap config' lines, > typo ? >Yes> > winbind enum users = yes > > winbind enum groups = yes > I would suggest you remove the two lines above once everything is > working correctly, you do not need them. >Will do> > client min protocol = SMB2 > > client max protocol = SMB3 > > client use spnego = yes > > client ntlmv2 auth = yes > Those are a bit redundant, they are the defaults >Same as above> > Remember what I said about Win7 using SMBv1, well Samba 4.12.x doesn't > by default, this is probably your problem. > > Rowland > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- ----------------------------------------------------------------------------------------------------------------------- This signature contains 100% recyclable electrons as prescribed by Mother Nature Anders ?stling +46 768 716 165 (Mobil) +46 431 45 56 01 (Hem)