[Samba] What is needed to allow Network Browsing of the file server in Windows
L.P.H. van Belle
belle at bazuin.nl
Mon Sep 28 15:10:59 UTC 2020
https://www.blackhillsinfosec.com/how-to-disable-llmnr-why-you-want-to/
Just read it and think again.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Nick
> Howitt via samba
> Verzonden: maandag 28 september 2020 16:40
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] What is needed to allow Network
> Browsing of the file server in Windows
>
>
>
> On 28/09/2020 15:21, Rowland penny via samba wrote:
> >
> > On 28/09/2020 14:52, Nick Howitt via samba wrote:
> >>
> >>
> >> On 28/09/2020 12:36, Rowland penny via samba wrote:
> >>>
> >>> On 28/09/2020 12:01, Nick Howitt via samba wrote:
> >>>> I am using Samba as a simple file server but I cannot browse its
> >>>> shares in Windows Explorer. I do not use SMB1. Am I
> missing a trick
> >>>> or is it not possible without SMB1?
> >>> No you are not missing a trick, Network Browsing requires SMBv1.
> >>> Windows now uses Network Discovery instead, you should be
> able to use
> >>> this instead: https://github.com/christgau/wsdd
> >>>>
> >>>> I am using ClearOS7 with the Centos7 4.10.4 samba package.
> >>>
> >>> Samba is starting to remove everything to do with SMBv1,
> 4.13.0 (just
> >>> released) has deprecated a few of the parameters required
> for a PDC,
> >>> so can I suggest you upgrade to Samba AD as soon as
> possible, this
> >>> will mean using non distro packages or changing distro,
> because you
> >>> cannot provision an AD DC on the Centos packages.
> >>>
> >>> Rowland
> >>>
> >> Thanks. wsdd seems to do the trick.
> >>
> >> I'm afraid I can't upgrade Samba as I am stuck with what upstream
> >> supply, so it is what I need to be able to support. ClearOS itself
> >> will need quite a rework to handle an AD/DC as it also does file
> >> serving and has a fair amount of stuff integrated with OpenLDAP
> >> including a few schema additions. Really the only feasible
> stage to do
> >> an upgrade would be when they change to 8.x. Even then,
> the easiest
> >> route would be to keep going with the current file server
> set up and
> >> run an AD/DC in docker with something like
> >> https://github.com/Fmstrat/samba-domain then join the
> server to the
> >> docker domain. You would hate this as it you strongly
> recommend (for
> >> understandable reasons) keeping an AD/DC on a separate machine.
> >> Unfortunately the ClearOS concept was for an all-in-one
> box acting as
> >> a router and server. Thankfully I am not a system architect and
> >> someone else is going to have to come up with the system design.
> >> Nick
> >>
> >>
> > You do not seem to understand, SMBv1 is insecure and the
> first stage (as
> > far as Samba is concerned) is to deprecate SMBv1, the next
> stage will be
> > to remove it. Now this isn't likely to happen overnight but
> it could be
> > Samba 4.15.0, at which point your PDC will have virtually
> nothing to
> > talk to, because I am fairly sure that when Samba removes SMBv1,
> > Microsoft will do the same.
> >
> > ClearOS is based on RHEL and RHEL doesn't seem to want an AD DC, so
> > ClearOS (and Centos) are unlikely to have one either
> (unless they break
> > with RHEL).
> >
> > When SMBv1 is removed, you will probably have three
> options. Continue
> > with ClearOS using a version of Samba that is unlikely to
> get updates
> > and has limited clients, switch to freeIPA (RHEL 8 no
> longer comes with
> > openldap and smbldap-tools) or change distro to a Debian based one.
> >
> > I personally think it is better to decide now, rather than
> waiting until
> > you are forced to make a choice.
> >
> > Rowland
> >
> >
> Yes, I am aware of the issues. I don't use smb1 or domains so
> I should
> be able to live with the current product.
> For customers who use NT4 domains things are a little more difficult.
> Currently you can still use them with 4.10 without SMB1, but
> you said in
> earlier correspondence that you needed SMB1 but I am not sure
> with what
> level of Samba. This is the first thing that scares me (a lot).
> It will be interesting to see what upstream do, bearing in
> mind they are
> still on 4.10. I am very concerned about the future and would really
> like to see ClearOS move to v8 when everything is up for
> grabs. There is
> too much baggage in 7.x to upgrade as there is too much other stuff
> built into the O/S which would need refactoring, as I was trying to
> point out. Also, if they push an upgrade to AD/DC it would
> have to be an
> automatic push converting over existing NT4 domains and I am not sure
> this is a possibility, or even safe to force on clients.
>
> Nick
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list