[Samba] browsing problem with minimum protocol SMB2

Dirk Kleinhesselink dkleinh at phy.ucsf.edu
Wed May 17 23:42:05 UTC 2017

I have a classic NT4 domain with the PDC also the wins server.  With the 
recent ransomware problem, we're trying to remove SMB1 and below 

However when I do this, the browse list is gone.  Hosts can access 
properly the shares, but they have to know exactly \\machine\share in
order to to connect.  The same thing from a linux client:

smbclient -L {PDC} -m SMB2

Domain=[{MYDOMAIN}] OS=[] Server=[]

 	Server               Comment
 	---------            -------

 	Workgroup            Master
 	---------            -------

I.E. there's no information - The Server and Workgroup lists are empty.  I 
can see information going into wins.dat and browse.dat, though.  If I set
the PDCs min protocols to NT1, I get:

smbclient -L {PDC}

Domain=[{MYDOMAIN}] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]

(list of hosts follows)

 	Workgroup            Master
 	---------            -------


What I do to set the minimum in my smb.conf is:

    server min protocol = SMB2
    server max protocol = SMB3
    client min protocol = SMB2
    client max protocol = SMB3
    min protocol = SMB2
    max protocol = SMB3
    client ipc min protocol = SMB2

Changing the server, client and min protocols to NT1 will give the 
browselist from the smbclient command without the -m SMB2

Same thing for windows clients - if I disable SMB1, then they cannot 
browse the domain.

Is there a configuration setup that will do browsing with SMB1/NT1 
disabled ?  I'm running 4.3.11 on my PDC.


More information about the samba mailing list