[Samba] [SOLVED] smb client v4. against samba server 3.x
Rowland penny
rpenny at samba.org
Mon Oct 7 09:20:41 UTC 2019
On 07/10/2019 09:59, Andrea Zagli via samba wrote:
> Il giorno lun 7 ott 2019, 10:05:27, Rowland penny via samba ha scritto:
>
>> On 07/10/2019 07:35, Andrea Zagli wrote:
>>> hi
>>>
>>> i'm very sorry for this private mail, instead of using the mailing
>>> list, but i cannot find anymore your reply on my mail client
>>>
>>> sorry again
>>>
>>>
>>>
>>> On 04/10/2019 13:59, Andrea Zagli via samba wrote:
>>>> hi
>>>>
>>>> i'm using debian sid
>>> Hmm, using experimental software
>>>>
>>>> samba version 4.11
>>>>
>>>> today trying to connect to samba server 3.x stopped to work
>>>
>>> and yet also using dead software ?
>>>
>>> Also when you say 3.x, what is the 'x', from my understanding SMBv2
>>> only
>>> became experimental with 3.6.0
>>>
>>>>
>>>> i'm quite sure that the problem is the deprecation of smbv1
>>> This is undoubtedly the problem.
>>>>
>>>> indeed i can mount a share using the option vers=1.0 in mount.cifs
>>> This sort of proves it.
>>>>
>>>> but i cannot use smbclient to browser the server; i get error on
>>>> protocol negotiation
>>>>
>>>> i tried using -m SMB2 and NT1 but without success
>>>>
>>>> and also nautilus doesn't work (i found on internet that it fixes
>>>> using "max|min client protocol = SMB2" in smb.conf but not for me)
>>>>
>>> But this seems to say it isn't
>>>
>>> Can you tell us the exact Samba version of '3.x' and post the smb.conf
>>> of the machine you are trying to connect to.
>>>
>>> Rowland
>>>
>>>
>>>
>>> the exact version of samba server is 3.6.6 (on debian)
>>>
>>> and that's the smb.conf (only global section)
>>>
>>> workgroup = MYDOM
>>> server string = %h server
>>> passdb backend = ldapsam:"ldap://127.0.0.1
>>> passwd program = /usr/sbin/smbldap-passwd %u
>>> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
>>> *all*authentication*token*updated*
>>> lanman auth = Yes
>>> client lanman auth = Yes
>>> syslog = 0
>>> log file = /var/log/samba/log.%m
>>> max log size = 1000
>>> name resolve order = wins lmhosts host bcast
>>> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
>>> SO_RCVBUF=8192
>>> load printers = No
>>> add user script = /usr/sbin/smbldap-useradd -a -G "Domain
>>> Users" "%u"
>>> delete user script = /usr/sbin/smbldap-userdel -r "%u"
>>> add group script = /usr/sbin/smbldap-groupadd -a "%g"
>>> delete group script = /usr/sbin/smbldap-groupdel "%g"
>>> add user to group script = /usr/sbin/smbldap-groupmod -m
>>> "%u" "%g"
>>> delete user from group script = /usr/sbin/smbldap-groupmod
>>> -x "%u" "%g"
>>> set primary group script = /usr/sbin/smbldap-usermod -g "%g"
>>> "%u"
>>> add machine script = /usr/sbin/smbldap-useradd -w -G "Domain
>>> Computers" -i "%u"
>>> logon script = logon.bat
>>> logon path =
>>> logon home =
>>> domain logons = Yes
>>> os level = 255
>>> preferred master = Yes
>>> domain master = Yes
>>> dns proxy = No
>>> wins support = Yes
>>> ldap admin dn = cn=admin,dc=mydom,dc=fi,dc=it
>>> ldap delete dn = Yes
>>> ldap group suffix = ou=Groups
>>> ldap machine suffix = ou=Computers
>>> ldap passwd sync = yes
>>> ldap suffix = dc=mydom,dc=fi,dc=it
>>> ldap ssl = no
>>> ldap user suffix = ou=Users
>>> panic action = /usr/share/samba/panic-action %d
>>> read only = No
>>> create mask = 0771
>>> force security mode = 0770
>>> directory mask = 0770
>>> hide dot files = No
>>> hide unreadable = Yes
>>> map hidden = Yes
>>>
>>>
>>>
>> I received the following in a private email, so back to the list ;-)
>>
>> [quote]
>>
>>
>> hi
>>
>> i'm very sorry for this private mail, instead of using the mailing
>> list, but i cannot find anymore your reply on my mail client
>>
>> sorry again
>>
>>
>>
>> On 04/10/2019 13:59, Andrea Zagli via samba wrote:
>>> hi
>>>
>>> i'm using debian sid
>> Hmm, using experimental software
>>>
>>> samba version 4.11
>>>
>>> today trying to connect to samba server 3.x stopped to work
>>
>> and yet also using dead software ?
>>
>> Also when you say 3.x, what is the 'x', from my understanding SMBv2 only
>> became experimental with 3.6.0
>>
>>>
>>> i'm quite sure that the problem is the deprecation of smbv1
>> This is undoubtedly the problem.
>>>
>>> indeed i can mount a share using the option vers=1.0 in mount.cifs
>> This sort of proves it.
>>>
>>> but i cannot use smbclient to browser the server; i get error on
>>> protocol negotiation
>>>
>>> i tried using -m SMB2 and NT1 but without success
>>>
>>> and also nautilus doesn't work (i found on internet that it fixes
>>> using "max|min client protocol = SMB2" in smb.conf but not for me)
>>>
>> But this seems to say it isn't
>>
>> Can you tell us the exact Samba version of '3.x' and post the smb.conf
>> of the machine you are trying to connect to.
>>
>> Rowland
>>
>>
>>
>> the exact version of samba server is 3.6.6 (on debian)
>>
>> and that's the smb.conf (only global section)
>>
>> workgroup = MYDOM
>> server string = %h server
>> passdb backend = ldapsam:"ldap://127.0.0.1
>> passwd program = /usr/sbin/smbldap-passwd %u
>> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
>> *all*authentication*token*updated*
>> lanman auth = Yes
>> client lanman auth = Yes
>> syslog = 0
>> log file = /var/log/samba/log.%m
>> max log size = 1000
>> name resolve order = wins lmhosts host bcast
>> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
>> SO_RCVBUF=8192
>> load printers = No
>> add user script = /usr/sbin/smbldap-useradd -a -G "Domain
>> Users" "%u"
>> delete user script = /usr/sbin/smbldap-userdel -r "%u"
>> add group script = /usr/sbin/smbldap-groupadd -a "%g"
>> delete group script = /usr/sbin/smbldap-groupdel "%g"
>> add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
>> "%g"
>> delete user from group script = /usr/sbin/smbldap-groupmod -x
>> "%u" "%g"
>> set primary group script = /usr/sbin/smbldap-usermod -g "%g"
>> "%u"
>> add machine script = /usr/sbin/smbldap-useradd -w -G "Domain
>> Computers" -i "%u"
>> logon script = logon.bat
>> logon path =
>> logon home =
>> domain logons = Yes
>> os level = 255
>> preferred master = Yes
>> domain master = Yes
>> dns proxy = No
>> wins support = Yes
>> ldap admin dn = cn=admin,dc=mydom,dc=fi,dc=it
>> ldap delete dn = Yes
>> ldap group suffix = ou=Groups
>> ldap machine suffix = ou=Computers
>> ldap passwd sync = yes
>> ldap suffix = dc=mydom,dc=fi,dc=it
>> ldap ssl = no
>> ldap user suffix = ou=Users
>> panic action = /usr/share/samba/panic-action %d
>> read only = No
>> create mask = 0771
>> force security mode = 0770
>> directory mask = 0770
>> hide dot files = No
>> hide unreadable = Yes
>> map hidden = Yes
>>
>> [/quote]
>>
>> There have been some changes since 3.6.x (which nobody should be
>> using now).
>>
>> On 3.6.x , the default for 'ntlm auth' was 'yes', it is now 'no' on
>> 4.11.0
>>
>> From 4.11.0 the defaults for 'client max protocol' and 'server max
>> protocol' were both changed to 'SMB2_02', on 3.6.x it was 'CORE'
>>
>> I think you should be able to work out how to fix your minor problem,
>> but not your major problem, you need to upgrade to AD.
>>
>> Microsoft has broken NT4-style domains (entirely by accident) twice
>> to my knowledge, they fixed them, but they might not next time. You
>> are also using smbldap-tools, this also appears to be a dead project.
>>
>> Rowland
>
>
> setting "client min protocol = CORE" solved the problem (both for
> smbclient and nautilus)
>
> thanks a lot for your support
>
> (unfortunately moving to samba 4.x and AD is a very slow work in
> progress, due to the lack of time)
>
Glad you fixed your problem, but I would strongly advise you to find the
time to test the AD upgrade, you may come in one morning to find that
nothing works any more because a Microsoft update has permanently
removed SMBv1, or a Perl update has broken smbldap-tools.
Rowland
More information about the samba
mailing list