[Samba] Windows 7 logon problems

Wed Jun 17 16:27:21 UTC 2020

I have a client with 10+ Windows 10/32-bit clients and 3 Windows 7/32-bit.
I converted them today to Samba 4.12, and after some fixes, I now have
working shares and roaming profiles for the Win 10 clients. However, the
Win7 clients dont get the shares mapped at logon properly (at all). I tried
to run the netlogon script manually from
Windows/Sysvol/sysvol/<domain>/scripts after mounting the DC's C$. The
clients asked for credentials for each mapping which obviously is wrong.

So my question is; does Win 7 behave differently than Win 10? The shares
are the same as for the Win 10 clients, including the home directories.

The logon server is a Windows 2019 server. I cant find anything in the
Windows event log that relates to logon problems.

(server and domain names obfuscated)

[global]
netbios name = XXXXX
bind interfaces only = yes
interfaces = lo ens3
realm = HXXX.SE
server role = MEMBER SERVER
security = ADS
workgroup = HXXX
username map = /etc/samba/user.map
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
idmap config * : range = 10000-20000
idmap config XXX : backend = rid
idmap config XXX : range = 30000-40000
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind expand groups = yes
winbind use default domain = yes
os level = 20
domain master = no
local master = no
preferred master = no
map to guest = bad user
host msdfs = no
client min protocol = SMB2
client max protocol = SMB3
client use spnego = yes
client ntlmv2 auth = yes
unix extensions = no
reset on zero vc = yes
hide unreadable = yes
acl group control = yes
acl map full control = yes
map acl inherit = yes
ea support = yes
vfs objects = acl_xattr
store dos attributes = yes
dos filemode = yes
dos filetimes = yes
restrict anonymous = 2
strict allocate = yes
guest ok = no
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

[Users]
comment = "User home directories"
path = /share2/Users
read only = no

[Profiles]
comment = "Roaming profiles"
path = /share2/profiles
read only = no

[Dokument]
comment = "Dokument"
path = /share2/Dokument
read only = no

[Program]
comment = "Applikationer"
path = /share2/Applikationer
read only = no
[SYS]
comment = "Industriapplikationer"
path = /share2/SYS
read only = no
-- 
-----------------------------------------------------------------------------------------------------------------------
This signature contains 100% recyclable electrons as prescribed by Mother
Nature

Anders Östling
+46 768 716 165 (Mobil)
+46 431 45 56 01  (Hem)