Web lists-archives.com

Re: [Samba] [SOLVED] Can't join Win10 to Samba 3.6,23




Hai Marc, 

Agree, is not mainstream to set both these settings but it is recommended to set: Always wait for network

The why:
When a user turns on the computer, the system applies computer policy. 
When a user logs on interactively, the system loads the user profile, then applies user policy

Now, if you dont set wait for network,... 
I apply a new (user) policy, which should block something, does not matter what. 

I login, (network not ready), so cached login, what i did set is not applied (yet). 
So we have some time to "hack" the local system. 
And same for the computer policy. I also use the setting to make sure the profiles are loaded. 

So.. What exact happens. ( after the ICMP client ping to server, detections etc.. ) 
When this policy is enabled, foreground processing switches from asynchronous to synchronous. 
This means that computer and user policy must run to completion before the user gets control of the computer and desktop. 
However, it can also be beneficial because it gets around the problem of requiring two,
or more restarts or logons for software installations and folder redirection policy to take effect.

I can recommend the "Always wait for network" setting. 
I dont recommend the Detect Slow network. 

My set: 
In GPO(1), for local network computers: "Always wait for network" Enabled.
In GPO(2), for laptop computers: "Always wait for network" disabled.

Laptops and normal computer have a different GPO set, laptops are configured for cached logins, etc. 
Optional, Specify a maximum wait time for GPO scripts also. 

Ow and Marc, this is not a samba thing but a windows thing.  
So no worries ;-) 


Greetz, 

Louis










> -----Oorspronkelijk bericht-----
> Van: Marc Muehlfeld [mailto:mmuehlfeld@xxxxxxxxx] 
> Verzonden: vrijdag 28 juli 2017 14:50
> Aan: L.P.H. van Belle; samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] [SOLVED] Can't join Win10 to Samba 3.6,23
> 
> Am 28.07.2017 um 09:36 schrieb L.P.H. van Belle via samba:
> > Maybe is good to add the slow network fix also on the wiki page 
> > (above)
> > 
> > [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
> > "SlowLinkDetectEnabled"=dword:00000000
> > "WaitForNetwork"=dword:00000000
> > 
> > Samba 4 AD DC setup's are also adviced to to set this through GPO. 
> 
> I read this the first time. In the past I only set this when 
> I had problems with roaming profiles over WAN connections.
> 
> I think this is not something we should recommend to set in 
> general. I mean it's not the default on Windows and seem only 
> to be necessary in some cases. If this is required for Samba, 
> we may have a bug.
> 
> 
> Does anyone run an NT4 domain using a recent Samba version (4.5 or
> later) on the PDC and can confirm that without these settings 
> Win10 clients can't log on?
> 
> 
> Regards,
> Marc
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba