Web lists-archives.com

[Samba] Windows 10 clients slow remapping drives and somewhat inconsistent in reconnecting to the saved map drives




Hello,
I'm a long term samba user through many different flavors from FreeBSD to Linux.  My latest is using Ubuntu 16.04 with its older version of the 4.2 series of samba as an AD DC and separate 4.2 series file server.  In my small test environment the Samba 4.2 AD DC and the Samba 4.2 file server are different LXC containers on the same host.

I've worked through many of the configuration guides to get the POSIX attributes in the samba AD directory by provisioning with -use-rfc2307.  And creating new accounts with appropriate samba-tool add user commands; sudo samba-tool user add <username> --uid-number=<userUID> gid-number=<userGID> home-directory=/homes/<username> login-shell=/bin/bash (So we can migrate the contents of older linux file servers and not have to change the uid/gid for files, and a few of the systems are interactive linux systems)

SSSD OR winbind based Linux authentication with AD backend works out fine for those Ubuntu systems that are not file servers.

The challenge I am facing is with Windows 10 clients mapping drives are somewhat inconsistent in either their ability to reconnect or how quickly they remap the drives.  Windows 10 in this case is 1607 LTSB.  The Windows 10 and 7 are mobile and not domain members, so they remember connections to quickly reconnect drives.  Fileserver is configured to support both win7 and win10 clients.  Windows 7 clients don't seem to exhibit any of these issues.  The slow connection takes about 5-8 seconds to open the drive in file explorer after logging into desktop and selecting the drive from the remembered connections.  When this fails I get one of the two errors below.

The two primary errors that the windows 10 client receives are:
1)  "The account is not authorized to log in from this station"  - not true
I see this issue mostly after the windows 10 system comes out of sleep mode.  And the only way to get the connection to succeed is reboot the windows 10 client.

2)  "there is a time and/or date difference between the client and server"  - yes by like 3 seconds
I see this issue mostly after the windows 10 system has been powered off.  If I check the time between the fileserver and the windows 10 client I see up to 3 second time difference.  IF I get the windows 10 client to update its time from the network time server the connection reconnects fine then. The windows clients are not dual boot systems, they use just the single OS.
                # I thought that the time difference could be up to 5 minutes
                # TimeZones seem to be set properly on the Servers and client
Windows systeminfo reports: Time Zone:                 (UTC-05:00) Eastern Time (US & Canada)
Adjust for Daylight savings


Here is the relevant portions of the samba file server config:
My ideal config makes use of the highest level of security features available while maintaining compatibility between the two different client versions of windows and the samba server.

ntlm auth = no
lanman auth = no
raw NTLMv2 auth = no
# Ref:  https://www.samba.org/samba/security/CVE-2016-2111.html
#client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
winbind refresh tickets = yes
realm = dom.example.com
security = ADS
encrypt passwords = yes
# min signaling
server signaling = mandatory
min protocol = SMB2_10
#client min protocol = SMB2
max protocol = SMB3
dedicated keytab file = /etc/krb5.keytab

Diagnostic suggestions?  Recommended configuration changes?

Thanks
                Derek

Derek Werthmuller
Director of Technology Innovation and Services
Center for Technology in Government
518.442.3892
www.ctg.albany.edu<http://www.ctg.albany.edu/>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba