[Samba] Windows 10 cannot connect without SMB1

K. R. Foley kr at cybsft.com
Mon Mar 1 15:28:33 UTC 2021

On 3/1/21 9:17 AM, L.P.H. van Belle via samba wrote:
> Try this.
> disconnect all network drives from W10.
> open dos box
> net use L:  \\server.FQDN\share /user:username at REALM.TLD
> did that work?

No. I get

"System error 384 has  occurred."

"You can't connect to the file share because it's not secure. This share 
requires the obsolete SMB1 protocol, which is unsafe and could expose 
your system to attack.

Your system requires SMB2 or higher. For more info on resolving this 
issue, see: https://go.microsoft.com/fwlink/?linkid=852747"

This is the same error I get when I try to join the domain.

>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens K. R. Foley via
>> samba
>> Verzonden: maandag 1 maart 2021 16:05
>> Aan: Rowland penny; sambalist
>> Onderwerp: Re: [Samba] Windows 10 cannot connect without SMB1
>> On 3/1/21 8:40 AM, Rowland penny via samba wrote:
>>> On 01/03/2021 13:15, K. R. Foley wrote:
>>>> On 3/1/21 2:26 AM, Rowland penny via samba wrote:
>>>>> On 28/02/2021 21:23, K. R. Foley wrote:
>>>>>> On 2/28/21 2:52 PM, Rowland penny via samba wrote:
>>>>>>> On 28/02/2021 20:30, K. R. Foley wrote:
>>>>>>>> Contents of /etc/named.conf
>>>>>>>> # Global Configuration Options
>>>>>>>> options {
>>>>>>>>      # Forward queries that can not be answered from own zones
>>>>>>>>      # to these DNS servers:
>>>>>>>> #    forwarders {
>>>>>>>> #;
>>>>>>>> #;
>>>>>>>> #    };
>>>>>>> Are your clients using something else for their nameserver and if
>>>>>>> so, what ?
>>>>>> No. Currently only this server so I can control everything.
>>>>>>> If there is another nameserver is this forwarding the AD dns
>>>>>>> domain to the DC ?
>>>>>>> If none of the above applies and you want your clients to have
>>>>>>> internet access, uncomment the 'forwarders' lines.
>>>>>> The client already has access to the internet. The name server on
>>>>>> this server acts as a caching name server and resolves names
>>>>>> itself. That is why I have the forwarders disabled.
>>>>> Your DC must be authoritative for the AD dns domain and whilst your
>>>>> clients can use another dns server as a caching name server, the
>>>>> caching name server must forward anything  for your AD dns domain to
>>>>> a DC.
>>>>> Rowland
>>>> In case there was any misunderstanding due to my rattling on, the DC
>>>> is the only DNS that the client is pointing to. I uncommented the
>>>> forwarders section. Still the error persists.
>>>> kr
>>> Everything seems okay, just about the only other things I can think of
>>> are:
>>> Is a firewall getting in the way, AD uses a lot more ports than an
>>> NT4-style domain.
>>> How are you starting Samba, You should just be starting the 'samba'
>>> daemon which will start any other required daemons.
>>> Rowland
>> The firewall is disabled on the client PC. The client and the server are
>> on 2 separate subnets separated by a VPN. I am not aware of any
>> filtering going on between the two, but I can't say for sure without
>> checking. Is there a list of ports somewhere that I can check to make
>> sure that they are all being routed over the VPN? I have already checked
>> everything that I can see in netstat on the server.
>> Keep in mind that the client can join the domain fine if I enable SMB1
>> on the client. I don't want to use SMB1. That is why I am trying to
>> figure this out. The client seems to think that the server is asking for
>> SMB1.
>> Is it possible that I have something else mis-configured on the client?
>> Are there additional ports that are used by SMB2/3 that are not used by
>> SMB1? If so, what are they?
>> kr
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list