[Samba] Samba 4.2.6 PDC+Ldap Upgrade Reject Windows XP Boxes

Periko Support pheriko.support at gmail.com
Fri Apr 13 04:57:39 UTC 2018 

Hi guys.

I finally upgrade my old centos 6 as PDC with samba 3.6.x+LDAP 2.3.X
to centos 7 with Samba 4.6.2 and ldap 2.4

All my windows 7,8,10, Winserver 2012 R2 are working no issue, users
can login and see share folders and share printers.

But I still have 2 machines running windows xp pro(this month will be
the end finally) that can login into the domain but they cannot see
share folders and printers.

Every time they try to access any machine or share folders on servers,
the system request to input the username+password.

I had check my settings but don't detect which parameter affect this OS.

My smb.conf is this one:

[global]
        workgroup = MYDOMAIN
        server string = PDC Domain Controller
        netbios name = PDC-SRV
        hosts allow = 192.168.1. 192.168.2. 127.
        interfaces = enp3s0 lo0
        bind interfaces only = Yes
        hosts deny = 0.0.0.0
        smb ports = 139 445
        remote announce = 192.168.1.255
        lanman auth = Yes
        client lanman auth = Yes
        security=USER
        server max protocol=NT1
        server min protocol=CORE
        allow trusted domains = Yes
        socket options = IPTOS_LOWDELAY TCP_NODELAY
# passwd backend
        encrypt passwords = yes
        passdb backend = ldapsam:ldap://127.0.0.1/
        pam password change= Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*UNIX*password* %nn
*ReType*new*UNIX*password* %nn *
passwd:*all*authentication*tokens*updated*successfully*
        unix password sync = Yes

# Log options
        log level = 3
        log file = /var/log/samba/%m.log
        max log size = 2048
#        syslog = 1

# Name resolution
        name resolve order = wins bcast hosts lmhost

# misc
        time server = No
#        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        use sendfile = yes
# Dos-Attribute
        map hidden = No
        map system = No
        map archive = No
        map read only = No
        store dos attributes = Yes
        Map to Guest = Bad User

# printers - configured to use CUPS and automatically load them
        load printers = No
        printcap name =
# printing =
        cups options =
        show add printer wizard = No
        add user script = /usr/sbin/smbldap-useradd -m %u
        delete user script = /usr/sbin/smbldap-userdel %u
        add group script = /usr/sbin/smbldap-groupadd -p %g
        delete group script = /usr/sbin/smbldap-groupdel %g
        add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
        delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
        set primary group script = /usr/sbin/smbldap-usermod -g %g %u
        add machine script = /usr/sbin/smbldap-useradd -w %u

# LDAP-iConfiguration
#ldap delete dn = Yes
        ldap ssl = off
        ldap passwd sync = Yes
        ldap suffix = dc=MYDOMAIN,dc=com
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap admin dn = cn=root,dc=MYDOMAIN,dc=com

# setting up as domain controller
        username map = /etc/samba/usermap
        preferred master = Yes
        wins support = Yes
        winbind nested groups = Yes
        ea support = Yes
        domain logons = Yes
        domain master = Yes
        local master = Yes
        map acl inherit = Yes
        unix charset = UTF8
        case sensitive = No

[netlogon]
        comment = Network Logon Service
        path = /home/samba/netlogon
        Locking = no

[homes]
        comment = Home Directories
        valid users = %S
        read only = No
        browseable = No

Any recommendation will be appreciated, thanks.

More information about the samba mailing list