[Samba] Some older windows clients can't connect after upgrade

Emmanuel Florac eflorac at intellique.com
Thu Dec 15 10:51:03 UTC 2022


After upgrading to Samba 4.13 (from Debian oldstable to Debian stable),
some Windows clients (Windows 2008r2 and lower, Windows 7, Windows XP,
etc.) can't connect to the server anymore. My first move was to enable
SMBv1; now some Linux clients connect using the older protocol, but the
Windows clients still fail to connect with a "can't connect" error, neither
using the UNC name nor the IP address, neither from Windows
Explorer nor with "net use //xxxx/yyy" in a CMD shell.

Any ideas?

The global part of smb.conf:

    workgroup = EXAMPLE
    security = ADS
    realm = EXAMPLE.LAN

    # allow SMB1
    ntlm auth = ntlmv1-permitted
    server min protocol=NT1

    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    server string = Data %h

    winbind use default domain = yes
    winbind expand groups = 4
    winbind nss info = rfc2307
    winbind refresh tickets = Yes
    winbind offline logon = yes
    winbind normalize names = Yes

    ## map ids outside of domain to tdb files.
    idmap config *:backend = tdb
    idmap config *:range = 2000-9999
    ## map ids from the domain  the ranges may not overlap !
    idmap config EXAMPLE : backend = rid
    idmap config EXAMPLE : range = 10000-999999
    template shell = /bin/bash
    template homedir = /home/EXAMPLE/%U

    domain master = no
    local master = no
    preferred master = no
    os level = 20
    map to guest = bad user
    host msdfs = no

    # user Administrator workaround, without it you are unable to set privileges
    username map = /etc/samba/user.map

    # For ACL support on domain member
    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes

    # Share Setting Globally
    unix extensions = no
    reset on zero vc = yes
    veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
    hide unreadable = yes

    # disable printing completely
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes

Emmanuel Florac     |   Direction technique
                    |   Intellique
                    |	<eflorac at intellique.com>
                    |   +33 1 78 94 84 02
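
Added example, not part of the original post: a check that reports whether a smb.conf `[global]` section enables the two legacy settings the posted config marks with "# allow SMB1" (`server min protocol` below SMB2, `ntlm auth` permitting NTLMv1). It matches parameter names the way smb.conf does (case and whitespace ignored), so `server min protocol=NT1` is caught as written in the post; the function names and the `[global]` header in the sample are constructed for illustration.

```python
import re

# "server min protocol" levels below SMB2, and "ntlm auth" values that
# let NTLMv1 through ("yes" is an alias of ntlmv1-permitted).
LEGACY_PROTOCOLS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
NTLMV1_VALUES = {"ntlmv1-permitted", "yes"}

def norm(name):
    """smb.conf section and parameter names ignore case and whitespace."""
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalized parameter name: value} for the [global] section."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def legacy_findings(text):
    """List (parameter, value) pairs that re-enable SMB1 or NTLMv1.

    "min protocol" is accepted as a synonym of "server min protocol"."""
    p = parse_global(text)
    findings = []
    proto = p.get("serverminprotocol", p.get("minprotocol"))
    if proto and proto.upper() in LEGACY_PROTOCOLS:
        findings.append(("server min protocol", proto))
    ntlm = p.get("ntlmauth")
    if ntlm and ntlm.lower() in NTLMV1_VALUES:
        findings.append(("ntlm auth", ntlm))
    return findings

# Constructed sample: the post's two "allow SMB1" lines under a [global] header.
SAMPLE = """\
[global]
    # allow SMB1
    ntlm auth = ntlmv1-permitted
    server min protocol=NT1
"""

if __name__ == "__main__":
    for name, value in legacy_findings(SAMPLE):
        print(f"legacy setting enabled: {name} = {value}")
```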