[Samba] Windows 10 cannot connect without SMB1

Reindl Harald h.reindl at thelounge.net
Tue Mar 2 14:25:15 UTC 2021 


Am 02.03.21 um 14:55 schrieb K.R. Foley:
> 
> 
> On 2021-03-02 05:47, Reindl Harald via samba wrote:
>> Am 01.03.21 um 22:41 schrieb Roy Eastwood via samba:
>>> On 01 March 2021 18:08 Gregory Sloop wrote:
>>>> I haven't followed this thread closely at all - but how about simply 
>>>> really
>>> limiting
>>>> the players.
>>>> Reduce the network to just the DC's and client that's supposed to 
>>>> join the
>>>> domain those DC's hold.
>>>>
>>>> Unplug everything else from the network.
>>>>
>>> Yes I agree;  In an earlier post the OP mentioned that the clients 
>>> and the
>>> server were on separate subnets connected by VPN;   if so I would 
>>> connect a
>>> Windows 10 client directly to the same subnet as the DC and see if a 
>>> join works
>>> OK. If it does it would implicate the VPN etc is blocking SMB2/3 
>>> protocols.
>>
>> broad cast stuff typically don't make it over VPN and frankly i find
>> it somehow pervert to *start* a new setup with the one and only client
>> on a VPN instead build up the network step-by-step
>>
>> adding additional layers from the begin is always a terrible idea
>> unless you have much luck and everything works fine out-of-the-box
>>
> 
> Initially I started testing with two VMs on the same private network, a 
> Windows client and a Linux VM running Samba 4.11.1. These VMs were/are 
> not physically isolated, but they are on a separate subnet with no 
> routing to/from any other subnet. I have to work in this environment 
> because they are not physical PCs. I got this working, but it is 
> possible that they might have been communicating via SMB1. I then 
> brought up an AWS instance because that is where the initial Samba 
> server will reside (that is why there are different subnets and the 
> VPN). Configured everything, but with 4.11.13. In the meantime the 
> Windows VM has been updated. Now it won't support SMB1 and now my 
> problems start.
> 
> Last night, I went back to my initial test VM for the Samba server. The 
> two VMs are on a separate subnet with no routing to/from any other 
> network and the same problem persists. I get the exact same errors. The 
> client still thinks that the server is trying to use SMB1.
> 
> Again there is no routing between this subnet and any other subnet. 
> However, the VMs are not physically isolated. This is not really 
> possible in the current environment. There is an older Samba NT4 PDC on 
> the same ESXI with the test VMs, but there is no IP routing and also the 
> domain names are different. Is it possible that this is causing a problem?

why would it not be possible in a virtualized environment to physically 
isolate things?

nothing easier than that by just place them on a virtual vswitch with no 
physical NIC assigend and for operational tasks just use the vm console 
like you would sit in front of a physical machine

More information about the samba mailing list