[Samba] smb client v4. against samba server 3.x
Rowland penny
rpenny at samba.org
Mon Oct 7 08:05:27 UTC 2019
On 07/10/2019 07:35, Andrea Zagli wrote:
> hi
>
> i'm very sorry for this private mail, instead of using the mailing
> list, but i cannot find anymore your reply on my mail client
>
> sorry again
>
>
>
> On 04/10/2019 13:59, Andrea Zagli via samba wrote:
>> hi
>>
>> i'm using debian sid
> Hmm, using experimental software
>>
>> samba version 4.11
>>
>> today trying to connect to samba server 3.x stopped to work
>
> and yet also using dead software ?
>
> Also when you say 3.x, what is the 'x', from my understanding SMBv2 only
> became experimental with 3.6.0
>
>>
>> i'm quite sure that the problem is the deprecation of smbv1
> This is undoubtedly the problem.
>>
>> indeed i can mount a share using the option vers=1.0 in mount.cifs
> This sort of proves it.
>>
>> but i cannot use smbclient to browser the server; i get error on
>> protocol negotiation
>>
>> i tried using -m SMB2 and NT1 but without success
>>
>> and also nautilus doesn't work (i found on internet that it fixes
>> using "max|min client protocol = SMB2" in smb.conf but not for me)
>>
> But this seems to say it isn't
>
> Can you tell us the exact Samba version of '3.x' and post the smb.conf
> of the machine you are trying to connect to.
>
> Rowland
>
>
>
> the exact version of samba server is 3.6.6 (on debian)
>
> and that's the smb.conf (only global section)
>
> workgroup = MYDOM
> server string = %h server
> passdb backend = ldapsam:"ldap://127.0.0.1
> passwd program = /usr/sbin/smbldap-passwd %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *all*authentication*token*updated*
> lanman auth = Yes
> client lanman auth = Yes
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> name resolve order = wins lmhosts host bcast
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
> SO_RCVBUF=8192
> load printers = No
> add user script = /usr/sbin/smbldap-useradd -a -G "Domain
> Users" "%u"
> delete user script = /usr/sbin/smbldap-userdel -r "%u"
> add group script = /usr/sbin/smbldap-groupadd -a "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
> "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x
> "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/sbin/smbldap-useradd -w -G "Domain
> Computers" -i "%u"
> logon script = logon.bat
> logon path =
> logon home =
> domain logons = Yes
> os level = 255
> preferred master = Yes
> domain master = Yes
> dns proxy = No
> wins support = Yes
> ldap admin dn = cn=admin,dc=mydom,dc=fi,dc=it
> ldap delete dn = Yes
> ldap group suffix = ou=Groups
> ldap machine suffix = ou=Computers
> ldap passwd sync = yes
> ldap suffix = dc=mydom,dc=fi,dc=it
> ldap ssl = no
> ldap user suffix = ou=Users
> panic action = /usr/share/samba/panic-action %d
> read only = No
> create mask = 0771
> force security mode = 0770
> directory mask = 0770
> hide dot files = No
> hide unreadable = Yes
> map hidden = Yes
>
>
>
I received the following in a private email, so back to the list ;-)
[quote]
hi
i'm very sorry for this private mail, instead of using the mailing list,
but i cannot find anymore your reply on my mail client
sorry again
On 04/10/2019 13:59, Andrea Zagli via samba wrote:
> hi
>
> i'm using debian sid
Hmm, using experimental software
>
> samba version 4.11
>
> today trying to connect to samba server 3.x stopped to work
and yet also using dead software ?
Also when you say 3.x, what is the 'x', from my understanding SMBv2 only
became experimental with 3.6.0
>
> i'm quite sure that the problem is the deprecation of smbv1
This is undoubtedly the problem.
>
> indeed i can mount a share using the option vers=1.0 in mount.cifs
This sort of proves it.
>
> but i cannot use smbclient to browser the server; i get error on
protocol negotiation
>
> i tried using -m SMB2 and NT1 but without success
>
> and also nautilus doesn't work (i found on internet that it fixes
using "max|min client protocol = SMB2" in smb.conf but not for me)
>
But this seems to say it isn't
Can you tell us the exact Samba version of '3.x' and post the smb.conf
of the machine you are trying to connect to.
Rowland
the exact version of samba server is 3.6.6 (on debian)
and that's the smb.conf (only global section)
workgroup = MYDOM
server string = %h server
passdb backend = ldapsam:"ldap://127.0.0.1
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*token*updated*
lanman auth = Yes
client lanman auth = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
name resolve order = wins lmhosts host bcast
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
SO_RCVBUF=8192
load printers = No
add user script = /usr/sbin/smbldap-useradd -a -G "Domain
Users" "%u"
delete user script = /usr/sbin/smbldap-userdel -r "%u"
add group script = /usr/sbin/smbldap-groupadd -a "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w -G "Domain
Computers" -i "%u"
logon script = logon.bat
logon path =
logon home =
domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=admin,dc=mydom,dc=fi,dc=it
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=mydom,dc=fi,dc=it
ldap ssl = no
ldap user suffix = ou=Users
panic action = /usr/share/samba/panic-action %d
read only = No
create mask = 0771
force security mode = 0770
directory mask = 0770
hide dot files = No
hide unreadable = Yes
map hidden = Yes
[/quote]
There have been some changes since 3.6.x (which nobody should be using now).
On 3.6.x , the default for 'ntlm auth' was 'yes', it is now 'no' on 4.11.0
From 4.11.0 the defaults for 'client max protocol' and 'server max
protocol' were both changed to 'SMB2_02', on 3.6.x it was 'CORE'
I think you should be able to work out how to fix your minor problem,
but not your major problem, you need to upgrade to AD.
Microsoft has broken NT4-style domains (entirely by accident) twice to
my knowledge, they fixed them, but they might not next time. You are
also using smbldap-tools, this also appears to be a dead project.
Rowland
More information about the samba
mailing list