samba - Sep 2020 - What is needed to allow Network Browsing of the file server in Windows

I am using Samba as a simple file server but I cannot browse its shares 
in Windows Explorer. I do not use SMB1. Am I missing a trick or is it 
not possible without SMB1?

I am using ClearOS7 with the Centos7 4.10.4 samba package. My cut down 
configs (with most of the shares removed) are:

[root at server ~]# testparm -s
Load smb config files from /etc/samba/smb.conf
NOTE: Service homes is flagged unavailable.
NOTE: Service profiles is flagged unavailable.
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.

Server role: ROLE_DOMAIN_PDC

# Global parameters
[global]
         add machine script = /usr/sbin/samba-add-machine "%u"
         bind interfaces only = Yes
         domain logons = Yes
         domain master = Yes
         guest account = guest
         interfaces = lo enp5s0
         ldap admin dn = cn=manager,ou=Internal,dc=howitts,dc=co,dc=uk
         ldap connection timeout = 8
         ldap group suffix = ou=Groups,ou=Accounts
         ldap idmap suffix = ou=Idmap
         ldap machine suffix = ou=Computers,ou=Accounts
         ldap ssl = no
         ldap suffix = dc=howitts,dc=co,dc=uk
         ldap user suffix = ou=Users,ou=Accounts
         log file = /var/log/samba/log.%m
         logon drive = U:
         logon home = \\%L\%U
         logon path          logon script = logon.cmd
         max log size = 0
         ntlm auth = ntlmv1-permitted
         os level = 21
         passdb backend = ldapsam:ldap://127.0.0.1
         passwd chat = *password:* %n\n *password:* %n\n *successfully.*
         passwd chat timeout = 10
         passwd program = /usr/sbin/userpasswd %u
         preferred master = Yes
         printcap name = /etc/printcap
         security = USER
         server min protocol = SMB2
         server string = Server
         template homedir = /home/%U
         template shell = /sbin/nologin
         unix password sync = Yes
         username map = /etc/samba/smbusers
         utmp = Yes
         winbind enum groups = Yes
         winbind enum users = Yes
         winbind expand groups = 1
         winbind separator = +
         winbind use default domain = Yes
         wins support = Yes
         workgroup = HOME
         idmap config * : ldap_user_dn = 
cn=manager,ou=Internal,dc=howitts,dc=co,dc=uk
         idmap config * : ldap_base_dn = ou=Idmap,dc=howitts,dc=co,dc=uk
         idmap config * : ldap_url = ldap://127.0.0.1
         idmap config * : range = 20000000-29999999
         idmap config * : backend = ldap
         include = /etc/samba/flexshare.conf


[shared]
         comment = Server Common Files
         force create mode = 0660
         force directory mode = 0770
         force group = howitts
         path = /shares/shared
         read only = No
         valid users = @howitts
         veto files = /.trash/
         vfs objects = recycle:recycle
         recycle:excludedir = /recycle,/tmp,/temp,/TMP,/TEMP,/BackUps
         recycle:exclude = *.tmp,*.temp,*.o,*.obj,*.TMP,*.TEMP,~*.*
         recycle:noversions = *.tmp,*.temp,*.o,*.obj,*.TMP,*.TEMP,~*.*
         recycle:directory_mode = 0775
         recycle:touch = No
         recycle:keeptree = Yes
         recycle:versions = Yes
         recycle:maxsize = 0
         recycle:repository = .trash


[printers]
         browseable = No
         comment = Print Spool
         cups options = raw
         path = /var/spool/samba
         printable = Yes
         read only = No
         use client driver = Yes


[print$]
         browseable = No
         comment = Printer Drivers
         path = /var/samba/drivers
         read only = No


[netlogon]
         browseable = No
         comment = Network Logon Service
         locking = No
         path = /var/samba/netlogon
         read only = No


[profiles]
         available = No
         browseable = No
         comment = Profile Share
         force directory mode = 02775
         force group = domain_users
         path = /var/samba/profiles
         read only = No

My PC's are set up by DHCP to use the server as the WINS server.

Although the role is set as ROLE_DOMAIN_PDC, my PC's are not domain joined.

Thanks,
Nick

On 28/09/2020 12:01, Nick Howitt via samba wrote:
> I am using Samba as a simple file server but I cannot browse its 
> shares in Windows Explorer. I do not use SMB1. Am I missing a trick or 
> is it not possible without SMB1?
No you are not missing a trick, Network Browsing requires SMBv1. Windows 
now uses Network Discovery instead, you should be able to use this 
instead: https://github.com/christgau/wsdd
>
> I am using ClearOS7 with the Centos7 4.10.4 samba package.
Samba is starting to remove everything to do with SMBv1, 4.13.0 (just 
released) has deprecated a few of the parameters required for a PDC, so 
can I suggest you upgrade to Samba AD as soon as possible, this will 
mean using non distro packages or changing distro, because you cannot 
provision an AD DC on the Centos packages.

Rowland

On 28/09/2020 12:36, Rowland penny via samba wrote:
> 
> On 28/09/2020 12:01, Nick Howitt via samba wrote:
>> I am using Samba as a simple file server but I cannot browse its 
>> shares in Windows Explorer. I do not use SMB1. Am I missing a trick or 
>> is it not possible without SMB1?
> No you are not missing a trick, Network Browsing requires SMBv1. Windows 
> now uses Network Discovery instead, you should be able to use this 
> instead: https://github.com/christgau/wsdd
>>
>> I am using ClearOS7 with the Centos7 4.10.4 samba package.
> 
> Samba is starting to remove everything to do with SMBv1, 4.13.0 (just 
> released) has deprecated a few of the parameters required for a PDC, so 
> can I suggest you upgrade to Samba AD as soon as possible, this will 
> mean using non distro packages or changing distro, because you cannot 
> provision an AD DC on the Centos packages.
> 
> Rowland
> 
Thanks. wsdd seems to do the trick.

I'm afraid I can't upgrade Samba as I am stuck with what upstream 
supply, so it is what I need to be able to support. ClearOS itself will 
need quite a rework to handle an AD/DC as it also does file serving and 
has a fair amount of stuff integrated with OpenLDAP including a few 
schema additions. Really the only feasible stage to do an upgrade would 
be when they change to 8.x. Even then, the easiest route would be to 
keep going with the current file server set up and run an AD/DC in 
docker with something like https://github.com/Fmstrat/samba-domain then 
join the server to the docker domain. You would hate this as it you 
strongly recommend (for understandable reasons) keeping an AD/DC on a 
separate machine. Unfortunately the ClearOS concept was for an 
all-in-one box acting as a router and server. Thankfully I am not a 
system architect and someone else is going to have to come up with the 
system design.
Nick