[Samba] [SOLVED] smb client v4. against samba server 3.x

Andrea Zagli azagli at libero.it
Mon Oct 7 08:59:08 UTC 2019


Il giorno lun 7 ott 2019, 10:05:27, Rowland penny via samba ha scritto:

> On 07/10/2019 07:35, Andrea Zagli wrote:
>> hi
>>
>> i'm very sorry for this private mail, instead of using the mailing  
>> list, but i cannot find anymore your reply on my mail client
>>
>> sorry again
>>
>>
>>
>> On 04/10/2019 13:59, Andrea Zagli via samba wrote:
>>> hi
>>>
>>> i'm using debian sid
>> Hmm, using experimental software
>>>
>>> samba version 4.11
>>>
>>> today trying to connect to samba server 3.x stopped to work
>>
>> and yet also using dead software ?
>>
>> Also when you say 3.x, what is the 'x', from my understanding SMBv2 only
>> became experimental with 3.6.0
>>
>>>
>>> i'm quite sure that the problem is the deprecation of smbv1
>> This is undoubtedly the problem.
>>>
>>> indeed i can mount a share using the option vers=1.0 in mount.cifs
>> This sort of proves it.
>>>
>>> but i cannot use smbclient to browser the server; i get error on  
>>> protocol negotiation
>>>
>>> i tried using -m SMB2 and NT1 but without success
>>>
>>> and also nautilus doesn't work (i found on internet that it fixes  
>>> using "max|min client protocol = SMB2" in smb.conf but not for me)
>>>
>> But this seems to say it isn't
>>
>> Can you tell us the exact Samba version of '3.x' and post the smb.conf
>> of the machine you are trying to connect to.
>>
>> Rowland
>>
>>
>>
>> the exact version of samba server is 3.6.6 (on debian)
>>
>> and that's the smb.conf (only global section)
>>
>>        workgroup = MYDOM
>>         server string = %h server
>>         passdb backend = ldapsam:"ldap://127.0.0.1
>>         passwd program = /usr/sbin/smbldap-passwd %u
>>         passwd chat = *New*password* %n\n *Retype*new*password*  
>> %n\n *all*authentication*token*updated*
>>         lanman auth = Yes
>>         client lanman auth = Yes
>>         syslog = 0
>>         log file = /var/log/samba/log.%m
>>         max log size = 1000
>>         name resolve order = wins lmhosts host bcast
>>         socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192  
>> SO_RCVBUF=8192
>>         load printers = No
>>         add user script = /usr/sbin/smbldap-useradd -a -G "Domain  
>> Users" "%u"
>>         delete user script = /usr/sbin/smbldap-userdel -r "%u"
>>         add group script = /usr/sbin/smbldap-groupadd -a "%g"
>>         delete group script = /usr/sbin/smbldap-groupdel "%g"
>>         add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>>         delete user from group script = /usr/sbin/smbldap-groupmod  
>> -x "%u" "%g"
>>         set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>>         add machine script = /usr/sbin/smbldap-useradd -w -G  
>> "Domain Computers" -i "%u"
>>         logon script = logon.bat
>>         logon path =
>>         logon home =
>>         domain logons = Yes
>>         os level = 255
>>         preferred master = Yes
>>         domain master = Yes
>>         dns proxy = No
>>         wins support = Yes
>>         ldap admin dn = cn=admin,dc=mydom,dc=fi,dc=it
>>         ldap delete dn = Yes
>>         ldap group suffix = ou=Groups
>>         ldap machine suffix = ou=Computers
>>         ldap passwd sync = yes
>>         ldap suffix = dc=mydom,dc=fi,dc=it
>>         ldap ssl = no
>>         ldap user suffix = ou=Users
>>         panic action = /usr/share/samba/panic-action %d
>>         read only = No
>>         create mask = 0771
>>         force security mode = 0770
>>         directory mask = 0770
>>         hide dot files = No
>>         hide unreadable = Yes
>>         map hidden = Yes
>>
>>
>>
> I received the following in a private email, so back to the list ;-)
>
> [quote]
>
>
> hi
>
> i'm very sorry for this private mail, instead of using the mailing  
> list, but i cannot find anymore your reply on my mail client
>
> sorry again
>
>
>
> On 04/10/2019 13:59, Andrea Zagli via samba wrote:
>> hi
>>
>> i'm using debian sid
> Hmm, using experimental software
>>
>> samba version 4.11
>>
>> today trying to connect to samba server 3.x stopped to work
>
> and yet also using dead software ?
>
> Also when you say 3.x, what is the 'x', from my understanding SMBv2 only
> became experimental with 3.6.0
>
>>
>> i'm quite sure that the problem is the deprecation of smbv1
> This is undoubtedly the problem.
>>
>> indeed i can mount a share using the option vers=1.0 in mount.cifs
> This sort of proves it.
>>
>> but i cannot use smbclient to browser the server; i get error on  
>> protocol negotiation
>>
>> i tried using -m SMB2 and NT1 but without success
>>
>> and also nautilus doesn't work (i found on internet that it fixes  
>> using "max|min client protocol = SMB2" in smb.conf but not for me)
>>
> But this seems to say it isn't
>
> Can you tell us the exact Samba version of '3.x' and post the smb.conf
> of the machine you are trying to connect to.
>
> Rowland
>
>
>
> the exact version of samba server is 3.6.6 (on debian)
>
> and that's the smb.conf (only global section)
>
>        workgroup = MYDOM
>         server string = %h server
>         passdb backend = ldapsam:"ldap://127.0.0.1
>         passwd program = /usr/sbin/smbldap-passwd %u
>         passwd chat = *New*password* %n\n *Retype*new*password* %n\n  
> *all*authentication*token*updated*
>         lanman auth = Yes
>         client lanman auth = Yes
>         syslog = 0
>         log file = /var/log/samba/log.%m
>         max log size = 1000
>         name resolve order = wins lmhosts host bcast
>         socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192  
> SO_RCVBUF=8192
>         load printers = No
>         add user script = /usr/sbin/smbldap-useradd -a -G "Domain Users" "%u"
>         delete user script = /usr/sbin/smbldap-userdel -r "%u"
>         add group script = /usr/sbin/smbldap-groupadd -a "%g"
>         delete group script = /usr/sbin/smbldap-groupdel "%g"
>         add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>         delete user from group script = /usr/sbin/smbldap-groupmod  
> -x "%u" "%g"
>         set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>         add machine script = /usr/sbin/smbldap-useradd -w -G "Domain  
> Computers" -i "%u"
>         logon script = logon.bat
>         logon path =
>         logon home =
>         domain logons = Yes
>         os level = 255
>         preferred master = Yes
>         domain master = Yes
>         dns proxy = No
>         wins support = Yes
>         ldap admin dn = cn=admin,dc=mydom,dc=fi,dc=it
>         ldap delete dn = Yes
>         ldap group suffix = ou=Groups
>         ldap machine suffix = ou=Computers
>         ldap passwd sync = yes
>         ldap suffix = dc=mydom,dc=fi,dc=it
>         ldap ssl = no
>         ldap user suffix = ou=Users
>         panic action = /usr/share/samba/panic-action %d
>         read only = No
>         create mask = 0771
>         force security mode = 0770
>         directory mask = 0770
>         hide dot files = No
>         hide unreadable = Yes
>         map hidden = Yes
>
> [/quote]
>
> There have been some changes since 3.6.x (which nobody should be using now).
>
> On 3.6.x , the default for 'ntlm auth' was 'yes', it is now 'no' on 4.11.0
>
> From 4.11.0 the defaults for 'client max protocol' and 'server max  
> protocol' were both changed to 'SMB2_02', on 3.6.x it was 'CORE'
>
> I think you should be able to work out how to fix your minor  
> problem, but not your major problem, you need to upgrade to AD.
>
> Microsoft has broken NT4-style domains (entirely by accident) twice  
> to my knowledge, they fixed them, but they might not next time. You  
> are also using smbldap-tools, this also appears to be a dead project.
>
> Rowland


setting "client min protocol = CORE" solved the problem (both for  
smbclient and nautilus)

thanks a lot for your support

(unfortunately moving to samba 4.x and AD is a very slow work in  
progress, due to the lack of time)



More information about the samba mailing list