[Samba] Windows 10 cannot connect without SMB1

K.R. Foley kr at cybsft.com
Thu Mar 4 20:55:08 UTC 2021 


On 2021-03-03 10:39, K.R. Foley wrote:
> On 2021-03-02 10:32, K.R. Foley via samba wrote:
>> On 2021-03-02 10:12, Rowland penny via samba wrote:
>>> On 02/03/2021 13:55, K.R. Foley via samba wrote:
>>>> 
>>>> Initially I started testing with two VMs on the same private 
>>>> network, a Windows client and a Linux VM running Samba 4.11.1. These 
>>>> VMs were/are not physically isolated, but they are on a separate 
>>>> subnet with no routing to/from any other subnet. I have to work in 
>>>> this environment because they are not physical PCs. I got this 
>>>> working, but it is possible that they might have been communicating 
>>>> via SMB1. I then brought up an AWS instance because that is where 
>>>> the initial Samba server will reside (that is why there are 
>>>> different subnets and the VPN). Configured everything, but with 
>>>> 4.11.13. In the meantime the Windows VM has been updated. Now it 
>>>> won't support SMB1 and now my problems start.
>>>> 
>>>> Last night, I went back to my initial test VM for the Samba server. 
>>>> The two VMs are on a separate subnet with no routing to/from any 
>>>> other network and the same problem persists. I get the exact same 
>>>> errors. The client still thinks that the server is trying to use 
>>>> SMB1.
>>>> 
>>>> Again there is no routing between this subnet and any other subnet. 
>>>> However, the VMs are not physically isolated. This is not really 
>>>> possible in the current environment. There is an older Samba NT4 PDC 
>>>> on the same ESXI with the test VMs, but there is no IP routing and 
>>>> also the domain names are different. Is it possible that this is 
>>>> causing a problem?
>>>> 
>>> 
>>> OK, I have downloaded the latest Win10 ISO, installed it in a VM and
>>> it joined my Samba 4.13.2 AD domain. I am now of the opinion that it
>>> is something in your setup that is causing this and I think it may be
>>> your PDC which relies on two things. SMBv1 and netbios. Netbios does
>>> not use dns, so this may be replying to the Win10 search for a DC.
>>> 
>>> Rowland
>>> 
>> 
>> Thanks. This evening I am going to try isolating the VMs completely.
>> If I am unable to isolate them completely, I may just turn off the PDC
>> momentarily to test. I will report back with my results.
>> 
> 
> Just a quick update on this. I was able to test with a freshly
> installed Windows 10 VM last night that was not updated to the latest
> patch and it was able to join the AD without issue.
> 
> I was not able to isolate the other VM and Samba server last night,
> but should be able to this evening. So, I will isolate them on a
> vswitch to see if the old PDC is in fact causing the join problem with
> the original test VM or if it is something else.
> 

I have additional results to report. I isolated the initial Windows 10 
VM and the Samba server VM on a vswitch with no uplink interfaces. I 
still could not join the Windows 10 VM to the AD. So, it does not appear 
to be a problem with the old PDC or some outside interference. Just for 
verification I also took the freshly installed Windows 10 VM and was 
able to join the AD on that same Samba server VM. So, there is something 
broken, but at this point it seems to be the something on the Windows 
VM.

The freshly installed Windows 10 VM (joins)
Windows 10 Pro
2004
19041.804

The previous Windows 10 VM (doesn't join)
Windows 10 pro
20H2
19042.844

I am not sure if it is the patchlevel of the two VMs or something else 
causing the problem.

Thanks.
kr

More information about the samba mailing list