[Samba] What is needed to allow Network Browsing of the file server in Windows

Nick Howitt nick at howitts.co.uk
Mon Sep 28 14:40:17 UTC 2020



On 28/09/2020 15:21, Rowland penny via samba wrote:
> 
> On 28/09/2020 14:52, Nick Howitt via samba wrote:
>>
>>
>> On 28/09/2020 12:36, Rowland penny via samba wrote:
>>>
>>> On 28/09/2020 12:01, Nick Howitt via samba wrote:
>>>> I am using Samba as a simple file server but I cannot browse its 
>>>> shares in Windows Explorer. I do not use SMB1. Am I missing a trick 
>>>> or is it not possible without SMB1?
>>> No you are not missing a trick, Network Browsing requires SMBv1. 
>>> Windows now uses Network Discovery instead, you should be able to use 
>>> this instead: https://github.com/christgau/wsdd
>>>>
>>>> I am using ClearOS7 with the Centos7 4.10.4 samba package.
>>>
>>> Samba is starting to remove everything to do with SMBv1, 4.13.0 (just 
>>> released) has deprecated a few of the parameters required for a PDC, 
>>> so can I suggest you upgrade to Samba AD as soon as possible, this 
>>> will mean using non distro packages or changing distro, because you 
>>> cannot provision an AD DC on the Centos packages.
>>>
>>> Rowland
>>>
>> Thanks. wsdd seems to do the trick.
>>
>> I'm afraid I can't upgrade Samba as I am stuck with what upstream 
>> supply, so it is what I need to be able to support. ClearOS itself 
>> will need quite a rework to handle an AD/DC as it also does file 
>> serving and has a fair amount of stuff integrated with OpenLDAP 
>> including a few schema additions. Really the only feasible stage to do 
>> an upgrade would be when they change to 8.x. Even then, the easiest 
>> route would be to keep going with the current file server set up and 
>> run an AD/DC in docker with something like 
>> https://github.com/Fmstrat/samba-domain then join the server to the 
>> docker domain. You would hate this as you strongly recommend (for 
>> understandable reasons) keeping an AD/DC on a separate machine. 
>> Unfortunately the ClearOS concept was for an all-in-one box acting as 
>> a router and server. Thankfully I am not a system architect and 
>> someone else is going to have to come up with the system design.
>> Nick
>>
>>
> You do not seem to understand, SMBv1 is insecure and the first stage (as 
> far as Samba is concerned) is to deprecate SMBv1, the next stage will be 
> to remove it. Now this isn't likely to happen overnight but it could be 
> Samba 4.15.0, at which point your PDC will have virtually nothing to 
> talk to, because I am fairly sure that when Samba removes SMBv1, 
> Microsoft will do the same.
> 
> ClearOS is based on RHEL and RHEL doesn't seem to want an AD DC, so 
> ClearOS (and Centos) are unlikely to have one either (unless they break 
> with RHEL).
> 
> When SMBv1 is removed, you will probably have three options. Continue 
> with ClearOS using a version of Samba that is unlikely to get updates 
> and has limited clients, switch to freeIPA (RHEL 8 no longer comes with 
> openldap and smbldap-tools) or change distro to a Debian based one.
> 
> I personally think it is better to decide now, rather than waiting until 
> you are forced to make a choice.
> 
> Rowland
> 
> 
Yes, I am aware of the issues. I don't use smb1 or domains so I should 
be able to live with the current product.
For customers who use NT4 domains things are a little more difficult. 
Currently you can still use them with 4.10 without SMB1, but you said in 
earlier correspondence that you needed SMB1 but I am not sure with what 
level of Samba. This is the first thing that scares me (a lot).
It will be interesting to see what upstream do, bearing in mind they are 
still on 4.10. I am very concerned about the future and would really 
like to see ClearOS move to v8 when everything is up for grabs. There is 
too much baggage in 7.x to upgrade as there is too much other stuff 
built into the O/S which would need refactoring, as I was trying to 
point out. Also, if they push an upgrade to AD/DC it would have to be an 
automatic push converting over existing NT4 domains and I am not sure 
this is a possibility, or even safe to force on clients.

Nick



