Well, FWIW I can now connect a Win 7 to S4 using SMB2 in workgroup mode, but not with SMB3.
server min protocol=SMB2
domain logons = no
domain master = yes
server role = standalone
I am *just* using the existing files in /etc/samba currently.
/ # smbstatus
Samba version 4.8.2
PID Username Group Machine Protocol Version Encryption Signing
----------------------------------------------------------------------------------------------------------------------------------------
20 john john 192.168.10.28 (ipv4:192.168.10.28:50321) SMB2_10 - -
If I change the samba server to minimum version SMB3 it will not connect at present.
Regarding Domain logons.
Yes, you can theoretically log on to an NT-style domain on Samba 4 if you use SMB1.
However.
First, this assumes you are running SMB1 and have not previously joined a domain, which is where the issues seem to lie.
I have been messing about with Win 7. It has SMB1 and 2 (at least). I can connect fine to the S4 server now when I am using 'workgroup' mode. I decided to see what happened when I tried to join a Domain, and noticed it immediately sprang up a box asking to join an Active Directory domain. I don't remember that happening before, though I could be wrong.
It set me thinking a little. What if you have SMB1 installed, but if there is a higher version installed/enabled it will default to that and want an AD login?
So I disabled SMB2 using this. Note there are settings for disabling the Server and Workstation components.
https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and
A reboot later and no network browsing or ability to connect, and some errors in the Event logs.
"The computer browser service depends on the Workstation service which failed to start because of the following error
The dependency service does not exist or has been marked for deletion"
"The workstation service depends on the following service: nis
This service might not be installed"
What I am thinking is possibly there is a circular dependency malarkey here. The SMB1 service won't start because most likely the NSI service has a dependency on SMB2, so when you do enable SMB2 the system defaults to using SMB2 and then starts hunting AD stuff for domain logons.
Could have gotten the registry settings completely wrong, so this may be a load of old rubbish, but I haven't touched Windows in years so a bit out of it. (Reminds me I won't be going back either...!)
Unfortunately I don't have enough bits littered about here to test this properly (the test box is actually across an ipsec link !!!!)
I need to tidy my Docker S4 install a bit more and paste some instructions for use if anyone is actually interested.
Any thoughts welcomed.
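
An added example, not part of the original post: a small Python audit of `smbstatus` session lines like the one shown above, reporting sessions whose negotiated dialect is below a chosen floor or that show no signing or encryption. The second sample row, the `SMB3_00` floor and the function names are assumptions made for the illustration.

```python
import re

# Dialect names as they appear in the smbstatus "Protocol Version" column, oldest first.
DIALECTS = ["NT1", "SMB2_02", "SMB2_10", "SMB3_00", "SMB3_02", "SMB3_11"]

# Constructed sample: the session line from the post plus one invented SMB3 session.
SAMPLE = """\
PID Username Group Machine Protocol Version Encryption Signing
----------------------------------------------------------------
20 john john 192.168.10.28 (ipv4:192.168.10.28:50321) SMB2_10 - -
31 alice staff 192.168.10.40 (ipv4:192.168.10.40:49877) SMB3_11 - partial(AES-128-CMAC)
"""

# The Machine column contains a space, so anchor on the dialect token instead
# of splitting on whitespace. Assumes user and group names without spaces.
ROW = re.compile(
    r"^(?P<pid>\d+)\s+(?P<user>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<machine>.+?)\s+(?P<dialect>NT1|SMB\d_\d\d)\s+"
    r"(?P<encryption>\S+)\s+(?P<signing>\S+)\s*$"
)

def parse_sessions(text):
    """Return one dict per session row; header and separator lines are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def audit(sessions, min_dialect="SMB3_00"):
    """Return (user, machine, issues) for each session that misses the policy."""
    floor = DIALECTS.index(min_dialect)
    findings = []
    for s in sessions:
        issues = []
        rank = DIALECTS.index(s["dialect"]) if s["dialect"] in DIALECTS else -1
        if rank < floor:
            issues.append("dialect %s below %s" % (s["dialect"], min_dialect))
        if s["signing"] == "-":
            issues.append("unsigned")
        if s["encryption"] == "-":
            issues.append("unencrypted")
        if issues:
            findings.append((s["user"], s["machine"], issues))
    return findings

if __name__ == "__main__":
    for user, machine, issues in audit(parse_sessions(SAMPLE)):
        print(user, machine, "; ".join(issues))
```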