[Samba] Problem with network browsing

Michael Jones samba at jonesmz.com
Mon Jul 13 13:39:36 UTC 2020 

On Mon, Jul 13, 2020 at 8:11 AM Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 13/07/2020 13:54, Michael Jones wrote:
> >
> > However, the samba logs could have a note in nmbd saying "We detect
> > that you have ADC security enabled, and min protocol of SMB2 / SMB3,
> > as a result, network neighborhood most likely will not work due
> > to.......".
> No, Network Neighborhood will not work because SMBv1 is turned off and
> this is well known, so no reason to clutter the logs any further ;-)
>

I'm not trying to be contrarian here, but really this was not well known.

Several hours of reading documentation, both on samba.org, as well as
various tech blogs, and using web searches, and I did not see anything that
led me to this conclusion.


> > Am I to understand that the servers should still be showing up in the
> > network list, because of the AD DC's DNS ?
> No, Network Browsing depends on SMBv1 and browsing is another way of
> linking ipaddresses to hostnames, this has been superseded by dns in AD.
> Windows now uses Network Discovery.
> >
> >
> >     I would remove these lines from the DC:
> >
> >     server min protocol        = SMB3 # SMB2_02
> >     client min protocol        = SMB3 # SMB2_02
> >
> >
> > Could you elaborate?
> Sorry, the parts after the '#' are the defaults, you do not need those
> lines
> >
> >
> > This was necessary to get things working on my setup a few years ago,
> > around Samba 4.4. Has something changed that makes this unneeded?
> No, you never needed them
>

I'm sorry, but clearly I did. Unfortunately I do not remember the exact
details, because it was several years ago. But I distinctly remember
needing to enable these lines on my DC and my members in order to get UIDs
to work correctly.

I tend to be pretty fastidious about not including configuration lines that
I don't have a reason for. I don't always document my reason in the config
file (though, clearly I should, so I could remember why it was needed in
the DC), but I would have removed these lines, and tried my use-case again,
after I got things working the way I wanted. Since they're in the config,
they were needed at the time. Whether they are still needed is not
something I've investigated.

If the setting has no effect, or is counter-productive / harmful, then
samba should notify the administrator at startup.


> >
> >
> >     They either have no place on a DC, or actually stop your DC from
> >     working
> >     correctly.
> >
> >
> > Then why is Samba not warning about these being problematic ?
>


> The idea is that the user will read 'man smb.conf' before adding
> anything to smb.conf, so that the logs don't get spammed.
>

This is a bad assumption, as software as an industry has a well deserved
reputation of having incorrect, incomplete, or both, documentation in all
corners. The advice of "RTFM" is only applicable if the manual actually has
the accurate information necessary to accomplish the task. The task has to
be "The user or admin accomplishes their end goal, including unspoken
reasonable assumptions related to that end goal". The samba documentation
does a very poor job at this, being almost exclusively an enumeration of
facts, and nearly no explanation as to the reasoning behind the options,
the way the options are handled, or recommendations on configuration style,
options to use together, or really anything else.

The documentation for smb.conf is incomplete at best, since I did read the
man page, dozens of times, over the years, and have never felt like I had a
good understanding of how samba will handle the options described there.

If these options *actively* cause problems in the situation that I've used
them in, then no amount of documentation is sufficient for people to
understand the full relationship between configuration options. The program
code needs to actually detect problematic situations and warn about them,
or people will continue to configure Samba incorrectly over, and over.

While it shouldn't be the case that someone's experience is all that
relevant, I'm not some college kid. I've been using Samba for well over a
decade at work and home, and the majority of my experience with Samba has
been that the documentation from "man smb.conf" is useful only up to the
point where it'll tell you the list of options that exist and some vague
hints on what they're intended to be useful for. Past that, it's
trial-and-error, or dig through the code, to actually manage an
understanding of what the configuration needs to look like to accomplish my
goal.

> > Does anyone know why the "smbtree" program is failing to find any of the
> > other services I have running?
> >
> > Why is it printing: "validator failed" to the log?
>
> Because you are not using SMBv1

Ah. Another situation where the log could have a warning about config
options actively precluding operation.



Well, either way, I appreciate everyone's help with this problem. Thank you.

More information about the samba mailing list