After installing Win10 1803 recently I noticed I was no longer able to reach my samba shares on my linux machine. After some digging it turned out, that SMB1 is now disabled by default and my linux machine is apparently using that one as default.
Now I want to fix that so that my smb-server properly negotiates the highest supported procol version available. As far as docs go, smb should support SMB2 and SMB3 without any problems. But if I disable SMB1 in Windows the server disappears completely.
I started to play around with min protocol = SMB2
, max protocol = SMB3
and protocol=SMB2
but to no avail. At this point I threw wireshark into the mix and noted some interesting details.
No matter whether I disable SMB1 or have it enabled on my windows machine, it always sends an smb negotiate protocol request with three supported dialects (encapsulated in a SMB packet):
- NT LM 0.12 (SMB1/CIFS)
- SMB 2.002
- SMB 2.???
SMB1 is always part of that list, no matter what. Don't know why, but it shouldn't be a problem if smb picks the highest supported dialect. Sadly the response suggests that SMB2.002 and SMB2.??? are unrecognized.
With the config attached at the bottom I get a negotiate protocol response which picks NL LM 0.12. If I add min protocol = SMB2
to the config the protocol response returns -1 (PC NETWORK PROGRAM 1.0) which results in the oldest protocol variant possible. If I set protocol = SMB2
to circumvent the negotiations completely the server properly sends a SMB2 packet instead of a SMB one and sets the dialect to 0x0202 (SMB2_02) correctly, but windows still refuses to work with that version.
At this point I'm out of Ideas on how to enable support for a SMB protocol version that is not SMB1 between a linux server and a windows client… If anyone has ideas on how to get it working properly, feel free to share them.
Ideally I only want to adjust my server, not the client machines if possible.
Notes
Server:
- Openmediavault (Debian 7)
- smbd & nmbd v3.6.6
Client:
- Win10 1803 (build 17134.48)
- Feature "Support for SMB1.0/CIFS" deactivated
Disabling the service mrxsmb10 may have the same effect as uninstalling the feature.
smb.conf
[global]
workgroup = WORKGROUP
server string = %h server
dns proxy = no
log level = 0
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = yes
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY
guest account = nobody
load printers = no
disable spoolss = yes
printing = bsd
printcap name = /dev/null
unix extensions = yes
wide links = no
create mask = 0777
directory mask = 0777
use sendfile = yes
aio read size = 16384
aio write size = 16384
null passwords = no
local master = yes
time server = yes
wins support = yes
wins server = NAS
Best Answer
The smpd version 3.6.x doesn't support SMB3, so it won't recognize it. Using
max protocol = SMB2
should enable the SMB2 support, so start with it. If you then addmin protocol = SMB2
the list gets quite narrow...The LTS support for Debian 7 "Wheezy" ends on May 31, 2018. That's in less than a week. Upgraded Debian 9 comes with smbd 4.5.x, and SMB 3.0 is supported since smbd 4.2. It will support your
max protocol = SMB3
.