[Samba] Ancient SMB client issues

Andrew Bartlett abartlet at samba.org
Thu Apr 11 21:38:34 UTC 2024 

Yeah, I think you just got caught out by the client/server min protocol
level things.
Samba still fully supports SMB1 for now, and if you can just use Samba
without needing the data somewhere else then that should be good for
now.
We do want to get rid of SMB1, but while very helpful it is also hard,
so you will have a good, secure-enough solution for now.
With a strong password, NTLMv2 and SMB signing, it isn't actually a
security disaster, MS started the drumbeat of 'SMB1 must die' mostly
because their SMB1 code, like ours, is old and crusty and so if the
protocol is turned off the attack surface is smaller.
Andrew Bartlett
On Thu, 2024-04-11 at 15:42 +0200, Anders Östling via samba wrote:
> Actually, I made it work by adding the “min server protocol = NT1” on
> the virtual dedicated server. So I guess that this will solve our
> dilemma (unless I missed something). In any case, one of the robots
> now have access to the new server. Will try the second one as soon as
> I get a chance (they are busy bending steel ;:) )
> Anders
> > On 11 Apr 2024, at 14:55, Rowland Penny via samba <
> > samba at lists.samba.org> wrote:
> > On Thu, 11 Apr 2024 14:38:51 +0200Anders Östling via samba <
> > samba at lists.samba.org> wrote:
> > > I have a customer with a couple of industrial robots running
> > > Linux2.6.34 and Samba 3.4.7 (smbclient -V). They are able to
> > > connect toSMB shares on Windows servers IF I "allow unsafe
> > > connections”, ielower the SMB minimum level. The servers are on
> > > Windows 2019, andthis setup has worked for a couple of years now.
> > > I have created a virtual Debian/Samba 4.19 server with the
> > > intentionof moving over the SMB shares that the robots need to
> > > this server. IfI connect from Windows 10 clients to the Samba
> > > servers shares, noissues. If I try the same from the robot
> > > (ancient SMB) then it failswith the rather bleak “protocol
> > > negotiation failed:NT_STATUS_INVALID_NETWORK”. I get this error
> > > regardless of the minprotocol level (NT1 or SMB2) on the server. 
> > > In short, are we doomed to stay with the unsafe Windows
> > > shareconnections, or is there another way to migrate from Windows
> > > toLinux? Maybe running an ancient Samba too, but that does not
> > > soundtoo attractive…
> > 
> > You probably need three machines:
> > Your industrial robots that use SMBv1
> > A 'machine' in the middle with 'server min protocol = NT1' set (it
> > willdefault to 'client min protocol = SMB2_02'
> > A Samba server that isn't using SMBv1
> > The robot can connect to and download files from the
> > intermediatemachine, which in turn (without using SMBv1) can
> > download from theSamba server.
> > Rowland
> > 
> > 
> > -- To unsubscribe from this list go to the following URL and read
> > theinstructions:  https://lists.samba.org/mailman/options/samba
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd


Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions

More information about the samba mailing list