[Samba] [SOLVED] smb client v4. against samba server 3.x
Andrea Zagli
azagli at libero.it
Mon Oct 7 08:59:08 UTC 2019
Il giorno lun 7 ott 2019, 10:05:27, Rowland penny via samba ha scritto:
> On 07/10/2019 07:35, Andrea Zagli wrote:
>> hi
>>
>> i'm very sorry for this private mail, instead of using the mailing
>> list, but i cannot find anymore your reply on my mail client
>>
>> sorry again
>>
>>
>>
>> On 04/10/2019 13:59, Andrea Zagli via samba wrote:
>>> hi
>>>
>>> i'm using debian sid
>> Hmm, using experimental software
>>>
>>> samba version 4.11
>>>
>>> today trying to connect to samba server 3.x stopped to work
>>
>> and yet also using dead software ?
>>
>> Also when you say 3.x, what is the 'x', from my understanding SMBv2 only
>> became experimental with 3.6.0
>>
>>>
>>> i'm quite sure that the problem is the deprecation of smbv1
>> This is undoubtedly the problem.
>>>
>>> indeed i can mount a share using the option vers=1.0 in mount.cifs
>> This sort of proves it.
>>>
>>> but i cannot use smbclient to browser the server; i get error on
>>> protocol negotiation
>>>
>>> i tried using -m SMB2 and NT1 but without success
>>>
>>> and also nautilus doesn't work (i found on internet that it fixes
>>> using "max|min client protocol = SMB2" in smb.conf but not for me)
>>>
>> But this seems to say it isn't
>>
>> Can you tell us the exact Samba version of '3.x' and post the smb.conf
>> of the machine you are trying to connect to.
>>
>> Rowland
>>
>>
>>
>> the exact version of samba server is 3.6.6 (on debian)
>>
>> and that's the smb.conf (only global section)
>>
>> workgroup = MYDOM
>> server string = %h server
>> passdb backend = ldapsam:"ldap://127.0.0.1
>> passwd program = /usr/sbin/smbldap-passwd %u
>> passwd chat = *New*password* %n\n *Retype*new*password*
>> %n\n *all*authentication*token*updated*
>> lanman auth = Yes
>> client lanman auth = Yes
>> syslog = 0
>> log file = /var/log/samba/log.%m
>> max log size = 1000
>> name resolve order = wins lmhosts host bcast
>> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
>> SO_RCVBUF=8192
>> load printers = No
>> add user script = /usr/sbin/smbldap-useradd -a -G "Domain
>> Users" "%u"
>> delete user script = /usr/sbin/smbldap-userdel -r "%u"
>> add group script = /usr/sbin/smbldap-groupadd -a "%g"
>> delete group script = /usr/sbin/smbldap-groupdel "%g"
>> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>> delete user from group script = /usr/sbin/smbldap-groupmod
>> -x "%u" "%g"
>> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>> add machine script = /usr/sbin/smbldap-useradd -w -G
>> "Domain Computers" -i "%u"
>> logon script = logon.bat
>> logon path =
>> logon home =
>> domain logons = Yes
>> os level = 255
>> preferred master = Yes
>> domain master = Yes
>> dns proxy = No
>> wins support = Yes
>> ldap admin dn = cn=admin,dc=mydom,dc=fi,dc=it
>> ldap delete dn = Yes
>> ldap group suffix = ou=Groups
>> ldap machine suffix = ou=Computers
>> ldap passwd sync = yes
>> ldap suffix = dc=mydom,dc=fi,dc=it
>> ldap ssl = no
>> ldap user suffix = ou=Users
>> panic action = /usr/share/samba/panic-action %d
>> read only = No
>> create mask = 0771
>> force security mode = 0770
>> directory mask = 0770
>> hide dot files = No
>> hide unreadable = Yes
>> map hidden = Yes
>>
>>
>>
> I received the following in a private email, so back to the list ;-)
>
> [quote]
>
>
> hi
>
> i'm very sorry for this private mail, instead of using the mailing
> list, but i cannot find anymore your reply on my mail client
>
> sorry again
>
>
>
> On 04/10/2019 13:59, Andrea Zagli via samba wrote:
>> hi
>>
>> i'm using debian sid
> Hmm, using experimental software
>>
>> samba version 4.11
>>
>> today trying to connect to samba server 3.x stopped to work
>
> and yet also using dead software ?
>
> Also when you say 3.x, what is the 'x', from my understanding SMBv2 only
> became experimental with 3.6.0
>
>>
>> i'm quite sure that the problem is the deprecation of smbv1
> This is undoubtedly the problem.
>>
>> indeed i can mount a share using the option vers=1.0 in mount.cifs
> This sort of proves it.
>>
>> but i cannot use smbclient to browser the server; i get error on
>> protocol negotiation
>>
>> i tried using -m SMB2 and NT1 but without success
>>
>> and also nautilus doesn't work (i found on internet that it fixes
>> using "max|min client protocol = SMB2" in smb.conf but not for me)
>>
> But this seems to say it isn't
>
> Can you tell us the exact Samba version of '3.x' and post the smb.conf
> of the machine you are trying to connect to.
>
> Rowland
>
>
>
> the exact version of samba server is 3.6.6 (on debian)
>
> and that's the smb.conf (only global section)
>
> workgroup = MYDOM
> server string = %h server
> passdb backend = ldapsam:"ldap://127.0.0.1
> passwd program = /usr/sbin/smbldap-passwd %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *all*authentication*token*updated*
> lanman auth = Yes
> client lanman auth = Yes
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> name resolve order = wins lmhosts host bcast
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
> SO_RCVBUF=8192
> load printers = No
> add user script = /usr/sbin/smbldap-useradd -a -G "Domain Users" "%u"
> delete user script = /usr/sbin/smbldap-userdel -r "%u"
> add group script = /usr/sbin/smbldap-groupadd -a "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod
> -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/sbin/smbldap-useradd -w -G "Domain
> Computers" -i "%u"
> logon script = logon.bat
> logon path =
> logon home =
> domain logons = Yes
> os level = 255
> preferred master = Yes
> domain master = Yes
> dns proxy = No
> wins support = Yes
> ldap admin dn = cn=admin,dc=mydom,dc=fi,dc=it
> ldap delete dn = Yes
> ldap group suffix = ou=Groups
> ldap machine suffix = ou=Computers
> ldap passwd sync = yes
> ldap suffix = dc=mydom,dc=fi,dc=it
> ldap ssl = no
> ldap user suffix = ou=Users
> panic action = /usr/share/samba/panic-action %d
> read only = No
> create mask = 0771
> force security mode = 0770
> directory mask = 0770
> hide dot files = No
> hide unreadable = Yes
> map hidden = Yes
>
> [/quote]
>
> There have been some changes since 3.6.x (which nobody should be using now).
>
> On 3.6.x , the default for 'ntlm auth' was 'yes', it is now 'no' on 4.11.0
>
> From 4.11.0 the defaults for 'client max protocol' and 'server max
> protocol' were both changed to 'SMB2_02', on 3.6.x it was 'CORE'
>
> I think you should be able to work out how to fix your minor
> problem, but not your major problem, you need to upgrade to AD.
>
> Microsoft has broken NT4-style domains (entirely by accident) twice
> to my knowledge, they fixed them, but they might not next time. You
> are also using smbldap-tools, this also appears to be a dead project.
>
> Rowland
setting "client min protocol = CORE" solved the problem (both for
smbclient and nautilus)
thanks a lot for your support
(unfortunately moving to samba 4.x and AD is a very slow work in
progress, due to the lack of time)
More information about the samba
mailing list