[Samba] smb client v4. against samba server 3.x

Rowland penny rpenny at samba.org
Mon Oct 7 08:05:27 UTC 2019


On 07/10/2019 07:35, Andrea Zagli wrote:
> hi
>
> i'm very sorry for this private mail, instead of using the mailing 
> list, but i cannot find anymore your reply on my mail client
>
> sorry again
>
>
>
> On 04/10/2019 13:59, Andrea Zagli via samba wrote:
>> hi
>>
>> i'm using debian sid
> Hmm, using experimental software
>>
>> samba version 4.11
>>
>> today trying to connect to samba server 3.x stopped to work
>
> and yet also using dead software ?
>
> Also when you say 3.x, what is the 'x', from my understanding SMBv2 only
> became experimental with 3.6.0
>
>>
>> i'm quite sure that the problem is the deprecation of smbv1
> This is undoubtedly the problem.
>>
>> indeed i can mount a share using the option vers=1.0 in mount.cifs
> This sort of proves it.
>>
>> but i cannot use smbclient to browser the server; i get error on 
>> protocol negotiation
>>
>> i tried using -m SMB2 and NT1 but without success
>>
>> and also nautilus doesn't work (i found on internet that it fixes 
>> using "max|min client protocol = SMB2" in smb.conf but not for me)
>>
> But this seems to say it isn't
>
> Can you tell us the exact Samba version of '3.x' and post the smb.conf
> of the machine you are trying to connect to.
>
> Rowland
>
>
>
> the exact version of samba server is 3.6.6 (on debian)
>
> and that's the smb.conf (only global section)
>
>        workgroup = MYDOM
>         server string = %h server
>         passdb backend = ldapsam:"ldap://127.0.0.1
>         passwd program = /usr/sbin/smbldap-passwd %u
>         passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
> *all*authentication*token*updated*
>         lanman auth = Yes
>         client lanman auth = Yes
>         syslog = 0
>         log file = /var/log/samba/log.%m
>         max log size = 1000
>         name resolve order = wins lmhosts host bcast
>         socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 
> SO_RCVBUF=8192
>         load printers = No
>         add user script = /usr/sbin/smbldap-useradd -a -G "Domain 
> Users" "%u"
>         delete user script = /usr/sbin/smbldap-userdel -r "%u"
>         add group script = /usr/sbin/smbldap-groupadd -a "%g"
>         delete group script = /usr/sbin/smbldap-groupdel "%g"
>         add user to group script = /usr/sbin/smbldap-groupmod -m "%u" 
> "%g"
>         delete user from group script = /usr/sbin/smbldap-groupmod -x 
> "%u" "%g"
>         set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>         add machine script = /usr/sbin/smbldap-useradd -w -G "Domain 
> Computers" -i "%u"
>         logon script = logon.bat
>         logon path =
>         logon home =
>         domain logons = Yes
>         os level = 255
>         preferred master = Yes
>         domain master = Yes
>         dns proxy = No
>         wins support = Yes
>         ldap admin dn = cn=admin,dc=mydom,dc=fi,dc=it
>         ldap delete dn = Yes
>         ldap group suffix = ou=Groups
>         ldap machine suffix = ou=Computers
>         ldap passwd sync = yes
>         ldap suffix = dc=mydom,dc=fi,dc=it
>         ldap ssl = no
>         ldap user suffix = ou=Users
>         panic action = /usr/share/samba/panic-action %d
>         read only = No
>         create mask = 0771
>         force security mode = 0770
>         directory mask = 0770
>         hide dot files = No
>         hide unreadable = Yes
>         map hidden = Yes
>
>
>
I received the following in a private email, so back to the list ;-)

[quote]


hi

i'm very sorry for this private mail, instead of using the mailing list, 
but i cannot find anymore your reply on my mail client

sorry again



On 04/10/2019 13:59, Andrea Zagli via samba wrote:
 > hi
 >
 > i'm using debian sid
Hmm, using experimental software
 >
 > samba version 4.11
 >
 > today trying to connect to samba server 3.x stopped to work

and yet also using dead software ?

Also when you say 3.x, what is the 'x', from my understanding SMBv2 only
became experimental with 3.6.0

 >
 > i'm quite sure that the problem is the deprecation of smbv1
This is undoubtedly the problem.
 >
 > indeed i can mount a share using the option vers=1.0 in mount.cifs
This sort of proves it.
 >
 > but i cannot use smbclient to browser the server; i get error on 
protocol negotiation
 >
 > i tried using -m SMB2 and NT1 but without success
 >
 > and also nautilus doesn't work (i found on internet that it fixes 
using "max|min client protocol = SMB2" in smb.conf but not for me)
 >
But this seems to say it isn't

Can you tell us the exact Samba version of '3.x' and post the smb.conf
of the machine you are trying to connect to.

Rowland



the exact version of samba server is 3.6.6 (on debian)

and that's the smb.conf (only global section)

        workgroup = MYDOM
         server string = %h server
         passdb backend = ldapsam:"ldap://127.0.0.1
         passwd program = /usr/sbin/smbldap-passwd %u
         passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
*all*authentication*token*updated*
         lanman auth = Yes
         client lanman auth = Yes
         syslog = 0
         log file = /var/log/samba/log.%m
         max log size = 1000
         name resolve order = wins lmhosts host bcast
         socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 
SO_RCVBUF=8192
         load printers = No
         add user script = /usr/sbin/smbldap-useradd -a -G "Domain 
Users" "%u"
         delete user script = /usr/sbin/smbldap-userdel -r "%u"
         add group script = /usr/sbin/smbldap-groupadd -a "%g"
         delete group script = /usr/sbin/smbldap-groupdel "%g"
         add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
         delete user from group script = /usr/sbin/smbldap-groupmod -x 
"%u" "%g"
         set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
         add machine script = /usr/sbin/smbldap-useradd -w -G "Domain 
Computers" -i "%u"
         logon script = logon.bat
         logon path =
         logon home =
         domain logons = Yes
         os level = 255
         preferred master = Yes
         domain master = Yes
         dns proxy = No
         wins support = Yes
         ldap admin dn = cn=admin,dc=mydom,dc=fi,dc=it
         ldap delete dn = Yes
         ldap group suffix = ou=Groups
         ldap machine suffix = ou=Computers
         ldap passwd sync = yes
         ldap suffix = dc=mydom,dc=fi,dc=it
         ldap ssl = no
         ldap user suffix = ou=Users
         panic action = /usr/share/samba/panic-action %d
         read only = No
         create mask = 0771
         force security mode = 0770
         directory mask = 0770
         hide dot files = No
         hide unreadable = Yes
         map hidden = Yes

[/quote]

There have been some changes since 3.6.x (which nobody should be using now).

On 3.6.x , the default for 'ntlm auth' was 'yes', it is now 'no' on 4.11.0

 From 4.11.0 the defaults for 'client max protocol' and 'server max 
protocol' were both changed to 'SMB2_02', on 3.6.x it was 'CORE'

I think you should be able to work out how to fix your minor problem, 
but not your major problem, you need to upgrade to AD.

Microsoft has broken NT4-style domains (entirely by accident) twice to 
my knowledge, they fixed them, but they might not next time. You are 
also using smbldap-tools, this also appears to be a dead project.

Rowland







More information about the samba mailing list