[Samba] Win 10 cannot connect with (some variations of) 'smb encrypt = desired'
Ralph Böhme
slow at samba.org
Fri Jan 20 14:15:43 UTC 2017
On Fri, Dec 23, 2016 at 02:21:16PM -0600, Chad William Seys via samba wrote:
> Hi all,
>
> There are some surprises when trying to connect Windows 10 (up to date circa
> Dec 2016) to Samba (4.5.2) with 'smb encrypt = desired' as a config option.
>
> I've made a grid of some of the combinations 'smb encrypt = desired'
> settings below.
>
> The biggest surprise is that if 'smb encrypt = desired' is set globally and
> in the share, Windows 10 cannot connect at all, but if 'smb encrypt =
> required' globally then Windows 10 can connect.
>
> "Connecting" was tested by first logging out of Windows, restarting the smbd
> daemon, logging in to Windows, opening Explorer, and typing the URL (UNC?)
> into the address bar. No credentials were saved in Credential Manager.
>
> browse - specify hostname, but not share name - \\smb.physics.wisc.edu
> select - browse shares as above, then select the share name in Explorer
> direct - specify hostname and sharename - \\smb.physics.wisc.edu\smb
>
> G - global
> S - per share
> browse | select | direct
> smb encrypt (no G, no S) = '' Y | Y | Y
> smb encrypt (G, no S) = required Y[0] | Y | Y
> smb encrypt (no G, S) = desired Y[4] | N[1] | Y
> smb encrypt (G and S) = desired N[3] | N/A | N[2]
> smb encrypt (G, no S) = desired N[3] | N/A | N[2]
>
> - Shouldn't the last two combos create the same final connection as a global
> 'smb encrypt = required'?
>
> [0] Successful login needed before shares are visible.
> [1] Error message is "multiple connections to a server or a shared resource
> by the same user, using more than one user name, are not allowed.
> Disconnect all [...]"
> [2] Error message is "The specified server connot perform the requested
> operation"
> [3] Error message is "Check the spelling of the name. Otherwise there might
> be a problem with your network."
> [4] Browsing shares connection not encrypted. When trying to enter a share,
> possibly Samba/Windows tries to create an encrypted connection leading to
> [1]. If it is not possible to renegotiate encryption, then the unencrypted
> connection should be used instead (remember that 'smb encryption =
> desired').
hm, this sounds different then
<https://bugzilla.samba.org/show_bug.cgi?id=12520>
but can you please test with the patch proposed here:
<https://lists.samba.org/archive/samba-technical/2017-January/118225.html>
Cheerio!
-slow
More information about the samba
mailing list