[Samba] [SOLVED] smb client v4. against samba server 3.x

Rowland penny rpenny at samba.org
Mon Oct 7 09:20:41 UTC 2019


On 07/10/2019 09:59, Andrea Zagli via samba wrote:
> Il giorno lun 7 ott 2019, 10:05:27, Rowland penny via samba ha scritto:
>
>> On 07/10/2019 07:35, Andrea Zagli wrote:
>>> hi
>>>
>>> i'm very sorry for this private mail, instead of using the mailing 
>>> list, but i cannot find anymore your reply on my mail client
>>>
>>> sorry again
>>>
>>>
>>>
>>> On 04/10/2019 13:59, Andrea Zagli via samba wrote:
>>>> hi
>>>>
>>>> i'm using debian sid
>>> Hmm, using experimental software
>>>>
>>>> samba version 4.11
>>>>
>>>> today trying to connect to samba server 3.x stopped to work
>>>
>>> and yet also using dead software ?
>>>
>>> Also when you say 3.x, what is the 'x', from my understanding SMBv2 
>>> only
>>> became experimental with 3.6.0
>>>
>>>>
>>>> i'm quite sure that the problem is the deprecation of smbv1
>>> This is undoubtedly the problem.
>>>>
>>>> indeed i can mount a share using the option vers=1.0 in mount.cifs
>>> This sort of proves it.
>>>>
>>>> but i cannot use smbclient to browser the server; i get error on 
>>>> protocol negotiation
>>>>
>>>> i tried using -m SMB2 and NT1 but without success
>>>>
>>>> and also nautilus doesn't work (i found on internet that it fixes 
>>>> using "max|min client protocol = SMB2" in smb.conf but not for me)
>>>>
>>> But this seems to say it isn't
>>>
>>> Can you tell us the exact Samba version of '3.x' and post the smb.conf
>>> of the machine you are trying to connect to.
>>>
>>> Rowland
>>>
>>>
>>>
>>> the exact version of samba server is 3.6.6 (on debian)
>>>
>>> and that's the smb.conf (only global section)
>>>
>>>        workgroup = MYDOM
>>>         server string = %h server
>>>         passdb backend = ldapsam:"ldap://127.0.0.1
>>>         passwd program = /usr/sbin/smbldap-passwd %u
>>>         passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
>>> *all*authentication*token*updated*
>>>         lanman auth = Yes
>>>         client lanman auth = Yes
>>>         syslog = 0
>>>         log file = /var/log/samba/log.%m
>>>         max log size = 1000
>>>         name resolve order = wins lmhosts host bcast
>>>         socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 
>>> SO_RCVBUF=8192
>>>         load printers = No
>>>         add user script = /usr/sbin/smbldap-useradd -a -G "Domain 
>>> Users" "%u"
>>>         delete user script = /usr/sbin/smbldap-userdel -r "%u"
>>>         add group script = /usr/sbin/smbldap-groupadd -a "%g"
>>>         delete group script = /usr/sbin/smbldap-groupdel "%g"
>>>         add user to group script = /usr/sbin/smbldap-groupmod -m 
>>> "%u" "%g"
>>>         delete user from group script = /usr/sbin/smbldap-groupmod 
>>> -x "%u" "%g"
>>>         set primary group script = /usr/sbin/smbldap-usermod -g "%g" 
>>> "%u"
>>>         add machine script = /usr/sbin/smbldap-useradd -w -G "Domain 
>>> Computers" -i "%u"
>>>         logon script = logon.bat
>>>         logon path =
>>>         logon home =
>>>         domain logons = Yes
>>>         os level = 255
>>>         preferred master = Yes
>>>         domain master = Yes
>>>         dns proxy = No
>>>         wins support = Yes
>>>         ldap admin dn = cn=admin,dc=mydom,dc=fi,dc=it
>>>         ldap delete dn = Yes
>>>         ldap group suffix = ou=Groups
>>>         ldap machine suffix = ou=Computers
>>>         ldap passwd sync = yes
>>>         ldap suffix = dc=mydom,dc=fi,dc=it
>>>         ldap ssl = no
>>>         ldap user suffix = ou=Users
>>>         panic action = /usr/share/samba/panic-action %d
>>>         read only = No
>>>         create mask = 0771
>>>         force security mode = 0770
>>>         directory mask = 0770
>>>         hide dot files = No
>>>         hide unreadable = Yes
>>>         map hidden = Yes
>>>
>>>
>>>
>> I received the following in a private email, so back to the list ;-)
>>
>> [quote]
>>
>>
>> hi
>>
>> i'm very sorry for this private mail, instead of using the mailing 
>> list, but i cannot find anymore your reply on my mail client
>>
>> sorry again
>>
>>
>>
>> On 04/10/2019 13:59, Andrea Zagli via samba wrote:
>>> hi
>>>
>>> i'm using debian sid
>> Hmm, using experimental software
>>>
>>> samba version 4.11
>>>
>>> today trying to connect to samba server 3.x stopped to work
>>
>> and yet also using dead software ?
>>
>> Also when you say 3.x, what is the 'x', from my understanding SMBv2 only
>> became experimental with 3.6.0
>>
>>>
>>> i'm quite sure that the problem is the deprecation of smbv1
>> This is undoubtedly the problem.
>>>
>>> indeed i can mount a share using the option vers=1.0 in mount.cifs
>> This sort of proves it.
>>>
>>> but i cannot use smbclient to browser the server; i get error on 
>>> protocol negotiation
>>>
>>> i tried using -m SMB2 and NT1 but without success
>>>
>>> and also nautilus doesn't work (i found on internet that it fixes 
>>> using "max|min client protocol = SMB2" in smb.conf but not for me)
>>>
>> But this seems to say it isn't
>>
>> Can you tell us the exact Samba version of '3.x' and post the smb.conf
>> of the machine you are trying to connect to.
>>
>> Rowland
>>
>>
>>
>> the exact version of samba server is 3.6.6 (on debian)
>>
>> and that's the smb.conf (only global section)
>>
>>        workgroup = MYDOM
>>         server string = %h server
>>         passdb backend = ldapsam:"ldap://127.0.0.1
>>         passwd program = /usr/sbin/smbldap-passwd %u
>>         passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
>> *all*authentication*token*updated*
>>         lanman auth = Yes
>>         client lanman auth = Yes
>>         syslog = 0
>>         log file = /var/log/samba/log.%m
>>         max log size = 1000
>>         name resolve order = wins lmhosts host bcast
>>         socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 
>> SO_RCVBUF=8192
>>         load printers = No
>>         add user script = /usr/sbin/smbldap-useradd -a -G "Domain 
>> Users" "%u"
>>         delete user script = /usr/sbin/smbldap-userdel -r "%u"
>>         add group script = /usr/sbin/smbldap-groupadd -a "%g"
>>         delete group script = /usr/sbin/smbldap-groupdel "%g"
>>         add user to group script = /usr/sbin/smbldap-groupmod -m "%u" 
>> "%g"
>>         delete user from group script = /usr/sbin/smbldap-groupmod -x 
>> "%u" "%g"
>>         set primary group script = /usr/sbin/smbldap-usermod -g "%g" 
>> "%u"
>>         add machine script = /usr/sbin/smbldap-useradd -w -G "Domain 
>> Computers" -i "%u"
>>         logon script = logon.bat
>>         logon path =
>>         logon home =
>>         domain logons = Yes
>>         os level = 255
>>         preferred master = Yes
>>         domain master = Yes
>>         dns proxy = No
>>         wins support = Yes
>>         ldap admin dn = cn=admin,dc=mydom,dc=fi,dc=it
>>         ldap delete dn = Yes
>>         ldap group suffix = ou=Groups
>>         ldap machine suffix = ou=Computers
>>         ldap passwd sync = yes
>>         ldap suffix = dc=mydom,dc=fi,dc=it
>>         ldap ssl = no
>>         ldap user suffix = ou=Users
>>         panic action = /usr/share/samba/panic-action %d
>>         read only = No
>>         create mask = 0771
>>         force security mode = 0770
>>         directory mask = 0770
>>         hide dot files = No
>>         hide unreadable = Yes
>>         map hidden = Yes
>>
>> [/quote]
>>
>> There have been some changes since 3.6.x (which nobody should be 
>> using now).
>>
>> On 3.6.x , the default for 'ntlm auth' was 'yes', it is now 'no' on 
>> 4.11.0
>>
>> From 4.11.0 the defaults for 'client max protocol' and 'server max 
>> protocol' were both changed to 'SMB2_02', on 3.6.x it was 'CORE'
>>
>> I think you should be able to work out how to fix your minor problem, 
>> but not your major problem, you need to upgrade to AD.
>>
>> Microsoft has broken NT4-style domains (entirely by accident) twice 
>> to my knowledge, they fixed them, but they might not next time. You 
>> are also using smbldap-tools, this also appears to be a dead project.
>>
>> Rowland
>
>
> setting "client min protocol = CORE" solved the problem (both for 
> smbclient and nautilus)
>
> thanks a lot for your support
>
> (unfortunately moving to samba 4.x and AD is a very slow work in 
> progress, due to the lack of time)
>
Glad you fixed your problem, but I would strongly advise you to find the 
time to test the AD upgrade, you may come in one morning to find that 
nothing works any more because a Microsoft update has permanently 
removed SMBv1, or a Perl update has broken smbldap-tools.

Rowland





More information about the samba mailing list