[Samba] Windows 10 cannot connect without SMB1

K. R. Foley kr at cybsft.com
Sun Feb 28 14:38:51 UTC 2021 

Hi,

I have attached my smb.conf.

Regards,

K. R. Foley

On 2/28/21 5:49 AM, Rowland penny via samba wrote:
> On 28/02/2021 03:47, K. R. Foley via samba wrote:
>> Hi,
>>
>> I cannot get Windows 10 to connect to my Samba server without SMB1.
>>
>>
>> I get the following error when I try to join Windows 10 client to 
>> Samba 4.11.13 AD. I get the following error on the client:
>>
>> "The following error occurred attempting to join the domain 
>> 'local.richardshapiro.com':
>>
>> You can't connect to the file share because it's not secure. This 
>> share requires the obsolete SMB1 protocol, which is unsafe and could 
>> expose your system to attack. Your system requires SMB2 or higher. 
>> For more info on resolving this issue, see 
>> https://go.microsoft.com/fwlink/?linkid=852747"
>>
>>
>> I get  the following on the server:
>>
>> "Feb 27 20:43:06 ss-prod smbd[7323]: [2021/02/27 20:43:06.043958, 0, 
>> pid=7323, effective(0, 0), real(0, 0)] 
>> ../../source3/smbd/negprot.c:593(reply_negprot)
>> Feb 27 20:43:06 ss-prod smbd[7323]:  negprot got no protocols"
>>
>>
>> If I enable SMB1 on the Windows  10 client it can join the domain 
>> just fine. Without SMB1, it fails every time. I have tried numerous 
>> Samba configuration options on the Samba server, but none work.
>>
>> Server info:
>>
>> CentOS Linux release 7.9.2009
>>
>> [root at ss-prod packages]# uname -a
>> Linux ss-prod.rsa.richardshapiro.com 3.10.0-1160.15.2.el7.x86_64 #1 
>> SMP Wed Feb 3 15:06:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linu
>>
>> Samba 4.11.13 built from source
>>
>> I have tried numerous options on the server:
>>
>>         server max protocol = SMB2
>>         #min protocol = SMB2
>> #       min protocol = SMB2
>> #       server min protocol = NT1
>>         #server min protocol = SMB2_10
>>         #server max protocol = SMB3
>>         #protocol = SMB
>>
>>
>> Shouldn't 4.11.13 support SMB2 or higher?
>>
> It does, can you post your smb.conf
>
> Rowland
>
>
>
-------------- next part --------------
# Global parameters
[global]
	netbios name = SS-PROD
	realm = LOCAL.RICHARDSHAPIRO.COM
	server role = active directory domain controller
	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
	workgroup = LOCAL
	idmap_ldb:use rfc2307 = yes
	log level = 10
	server max protocol = SMB2
	#min protocol = SMB2
#	min protocol = SMB2
#	server min protocol = NT1
	#server min protocol = SMB2_10
	#server max protocol = SMB3
	#protocol = SMB2
[sysvol]
	path = /usr/local/samba/var/locks/sysvol
	read only = No

[netlogon]
	path = /usr/local/samba/var/locks/sysvol/local.richardshapiro.com/scripts
	read only = No

More information about the samba mailing list