[Samba] W10 workstations not connecting to Samba 4.10.5 member

Robert Wooden bob at donelsontrophy.com
Tue Jul 2 13:13:58 UTC 2019 

Last night I upgraded my AD domain controllers (Ubuntu18.04LTS) to Samba
4.10.5. These are a built from source install.

This morning my Windows 10 workstations cannot connect to the member server
(U18.04 and Samba 4.10.5) for find profiles and files needed.

Here is my smb.conf:

[global]
workgroup = MYDOM
server string = Samba Server Version %v

security = ads

realm = MYSHRM.DT

use sendfile = true

log level = 4


preferred master = no

domain master = no

dns proxy = no


host msdfs = no


idmap_ldb:use rfc2307 = yes

idmap config * : backend = tdb

idmap config * : range = 50001-80000 ##default was 10000-299999

## map ids from the domain the range may not overlap !

idmap config MYDOM : backend = ad

idmap config MYDOM : schema_mode = rfc2307

idmap config MYDOM : range = 10000-40000 ## default was 10000-99999

winbind nss info = rfc2307

## winbind trusted domains only = no

winbind enum users = yes

winbind enum groups = yes

winbind use default domain = yes

winbind refresh tickets = yes

winbind offline logon = yes


template shell = /bin/bash

template homedir = /home/samba/MYDOM/users/%U


# user Administrator workaround, without it you are unable to set privileges

username map = /etc/samba/user.map


# For ACL support on member file server


##### vfs objects = acl_xattr ##moved to profiles 2017-11-25

map acl inherit = yes

##### store dos attributes = yes ##moved to progfiles 2017-11-25


dedicated keytab file = /etc/krb5.keytab

kerberos method = secrets and keytab


# Share Setting Globally

usershare allow guests = no

unix extensions = no

reset on zero vc = yes

veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/

hide unreadable = yes


# disable printing completely

load printers = no

printing = bsd

printcap name = /dev/null

disable spoolss = yes


restrict anonymous = 2

log file = /var/log/samba/log.%m

max log size = 50


#============================ Share Definitions ============================


[data]

comment = Shared MY data

path = /home/samba/MYDOM/companydata

read only = no

force group = "domain users"

directory mask = 0770

force directory mode = 0770

create mask = 0660

force create mode = 0660

follow symlinks = no

wide links = no


[home]

path = /home/samba/MYDOM/users

read only = no

follow symlinks = yes

wide links = yes


[profiles$]

comment = Users roaming profiles

path = /home/samba/MYDOM/profiles

# browseable = no

read only = no

admin users = +"MYDOM\domain admins"

force create mode = 0600

force directory mode = 0700

profile acls = yes

csc policy = disable

vfs objects = acl_xattr

store dos attributes = yes


Is there something I am not aware of that requires a change to my smb.conf
regarding Windows 10 and SMB1 or SMB2?

-- 
Thank you.

Bob Wooden

More information about the samba mailing list