You are not logged in.

#1 2017-11-15 15:10:41

Natanji
Member
Registered: 2009-09-22
Posts: 133

Samba: how to access both SMB1 as well as SMB2+3 shares?

I run an Arch Linux machine running a Samba server, testparm outputs the following configuration:

[global]
        dns proxy = No
        guest account = smbguest
        log file = /var/log/samba/%m.log
        map to guest = Bad User
        max log size = 10000
        ntlm auth = ntlmv1-permitted
        printcap name = /etc/printcap
        security = USER
        server string = liara
        smb passwd file = /etc/samba/smbpasswd
        workgroup = WORKGROUP
        idmap config * : backend = tdb
        hosts allow = 192.168.178. 127.
        smb encrypt = required


[homes]
        browseable = No
        comment = Home Directories
        read only = No

I have many different clients that try to access this machine. Windows 10 can access the server with no problem, even fresh installations. Linux clients however cannot.

For instance on an Arch or Ubuntu client I have, accessing the machine always failed despite entering the correct username+password. Eventually I found a workaround: https://superuser.com/questions/1226973 … lt-to-smb3
If I add the following to /etc/samba/smb.conf on the client (!) it works:

client min protocol = SMB2
; default is 'CORE' (MS-DOS era)

client max protocol = SMB3
; default is 'NT1' (aka CIFS)

This fixes the problem and makes it possible to access my Samba server. However, the client can no longer access any SMB1 shares after this, which I do have in my network as well (older NAS devices, which don't need security because they are guest accessible by anyone anyway).

I don't understand why the client is apparently trying to connect via SMB1 (which is deactivated on the server for security reasons) instead of trying SMB3 first, then SMB2, and only then SMB1. How does the Samba client make this decision? Is there any way how I can configure either my server or my client such that *all* machines that support SMB2+3 can access it, but also SMB1 shares as well?

Offline

#2 2017-11-15 22:48:26

seth
Member
Registered: 2012-09-03
Posts: 49,947

Re: Samba: how to access both SMB1 as well as SMB2+3 shares?

Does it work with "client min protocol = NT1" on the clients?

If you have clients that only support SMBv1 you're kinda screwed (afaiu, windows 10 completely removed support with some recent patch - might be re-activatable, though)
You'll have to add "server min protocol = NT1" (to the samba server, default is now SMB2 because NT1 has some "slight" security issues...) to make the server support SMBv1-only clients but should seek to get network-wide SMB2 support asap.

Offline

Board footer

Powered by FluxBB