[Samba] browsing problem with minimum protocol SMB2
Dirk Kleinhesselink
dkleinh at phy.ucsf.edu
Wed May 17 23:42:05 UTC 2017
I have a classic NT4 domain with the PDC also the wins server. With the
recent ransomware problem, we're trying to remove SMB1 and below
protocols.
However when I do this, the browse list is gone. Hosts can access
properly the shares, but they have to know exactly \\machine\share in
order to to connect. The same thing from a linux client:
smbclient -L {PDC} -m SMB2
Domain=[{MYDOMAIN}] OS=[] Server=[]
Server Comment
--------- -------
Workgroup Master
--------- -------
I.E. there's no information - The Server and Workgroup lists are empty. I
can see information going into wins.dat and browse.dat, though. If I set
the PDCs min protocols to NT1, I get:
smbclient -L {PDC}
Domain=[{MYDOMAIN}] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]
(list of hosts follows)
Workgroup Master
--------- -------
{OTHER_GROUP} {GROUP_MASTER}
(etc)
What I do to set the minimum in my smb.conf is:
server min protocol = SMB2
server max protocol = SMB3
client min protocol = SMB2
client max protocol = SMB3
min protocol = SMB2
max protocol = SMB3
client ipc min protocol = SMB2
Changing the server, client and min protocols to NT1 will give the
browselist from the smbclient command without the -m SMB2
Same thing for windows clients - if I disable SMB1, then they cannot
browse the domain.
Is there a configuration setup that will do browsing with SMB1/NT1
disabled ? I'm running 4.3.11 on my PDC.
Thanks.
More information about the samba
mailing list