[Samba] Windows clients require reboot once a day in order to access mapped drives
L.P.H. van Belle
belle at bazuin.nl
Wed May 1 06:23:59 UTC 2019
Mason,
You can set these also on the share.
Win7 and10
client min protocol = SMB2
client max protocol = SMB3
The one for the scanner,
client min protocol = NT1
client max protocol = SMB2
Part of my smbstatus -a:
PID Username Group Machine Protocol Version Encryption Signing
27316 root root 192.168.xxx.1(ipv4:192.168.xxx.1:50818) SMB2_10 - -
27357 username domain users 192.168.xxx.2(ipv4:192.168.xxx.2:63181) SMB3_11 partial(AES-128-CCM) partial(AES-128-CMAC)
27439 username domain users 192.168.x.5 (ipv4:192.168.x.5:1102) NT1 - -
27336 root root 192.168.xxx.3(ipv4:192.168.xxx.3:34540) SMB3_00 - -
27337 root root 192.168.xxx.4(ipv4:192.168.xxx.4:41138) SMB3_00 - -
>From above list, top to bottem.
The first is a windows 7 pc. and the second a win10 PC. connecting to a share configured with :
smb encrypt = auto
client min protocol = SMB2
client max protocol = SMB3
the thirth is a Win XP pc, connecting to a separated share configured with:
client min protocol = NT1
client max protocol = SMB2
The last to are 2 Xen xcp-ng servers with samba 4.2.3.
No configuration is done for this share.
The above see if it helps you a bit.
Greetz,
Louis
________________________________
Van: Mason Schmitt [mailto:mason at ftlcomputing.com]
Verzonden: dinsdag 30 april 2019 19:39
Aan: L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Windows clients require reboot once a day in order to access mapped drives
I would check 3 things here before this is reported as bug.
Kerberos/Authentication. krb5.conf, Did you change the : clockskew or renew_lifetime
Set only this :
[libdefaults]
default_realm = YOUR.REALM.TLD
dns_lookup_kdc = true
dns_lookup_realm = false
I have not played with clockskew or renew_lifetime. Both my DC and file server have the following krb5.conf file.
[libdefaults]
default_realm = YOUR.REALM.TLD
dns_lookup_realm = false
dns_lookup_kdc = true
Are the pc's connected to multiple servers. Then on these servers run : smbstatus -A
Check these outputs.
The windows clients, do these have SMB1 still enabled or not?
Windows 10 clients (the only ones having the problem) have SMB1 disabled by default. I have not re-enabled it.
Currently, when I run smbstatus -A I see clients connection with either protocol version 2_10 or 3_11.
And what are the windows eventlogs telling ( post event id and part of description ).
As noted in my previous email, after spending a half hour looking through event logs I didn't see anything.
Now, you can try these also. I tested samba 4.9.6 and 4.10.2 on Debian 9.
smb encrypt = required
That will disconnect my win7 clients, so I can't try that.
client min protocol = SMB2
client max protocol = SMB3
My reading of the man page suggests that these settings apply to smbclient, not windows clients connecting to the samba server. I had previously thought, prior to reading the man page, that this would limit which protocols were available to connecting clients, but I can confirm that it does not perform that function. However, setting server min protocol = SMB2 and/or server max protocol = SMB3, does limit what clients can do. However, to my surprise, if I set 'server max protocol = SMB2' windows 10 clients cannot connect. So, my current understanding is that if one has Win10 clients on the network, you cannot set 'server max protocol' to anything less than SMB3.
I currently can't disable SMB1 on this server, as there is a scanner that connects via SMB1 to one of my shares. I'm working to change that, but I can't eliminate it just yet.
--
Mason
More information about the samba
mailing list