[Samba] smb browse and V1

[Rowland Penny]

On 20/10/2022 16:53, Peter Carlson via samba wrote:
> I am getting the following error when using Nautilis / Nemo on Gnome 
> desktop, ubuntu 22.04 and connection to just smb://filesvr
> 
>     gvfsd[8049]: smbXcli_negprot_smb1_done: No compatible protocol
>     selected by server.
>     failed to retrieve share list from server: connection refused
> 
> 
> the orginal domain was created years ago (on Windows server) and was 
> named <company>.local  This was kept during all migrations since.  The 
> ADDC is now running on ubuntu 22.04 samba 4.15.9
> 
> gnome is desired because we will //probably// start using adsys to add 
> ubuntu GPOs  (/*unless someone here yells at me for even thinking it*/)

It is my understanding that you need sssd for adsys, so there is no 
point in running Samba as well.

> 
> What are my options?
> 1) use smb://filesvr/<sharname> to connect, requires that the share name 
> be known

You could do that, but as you say, you have to know where the share is 
and its name first.

> *2) use mount.cifs - not super user friendly for windows users using 
> xRDP server.  currently I have done mount.cifs and I create directory 
> ~/filesvr and place sym links to the shares.  This works great for a 
> small server with few shares, but is quickly un-scaleable

Windows usually maps shares to letters e.g. 'E:', but again, you have to 
know where the share is, or you need to add attributes to a users object 
in AD.

> 3) use kde - dolphin works, but their config files are harder to manage 
> using logon scripts / GPO, so not likely

KDE does seem to be aware that SMBv1 is going away, which is more than 
you can say for gnome.

> 4) lower min version to SMB1 - not likely to happen!

Before long (I hope) you will not have that option.

> Others: Are there other options that I am missing?

Samba has its own GPO tools, mostly written by David Mulder, perhaps you 
could have a look at them.

Rowland

> 
> Avahi:  I read the wiki about not naming .local  Just curious how will 
> conflicts with avahi show up?  I'm pretty sure avahi is not installed:
> ADDC:
> 
>     root at nc1:/etc/bind# apt search avahi | grep -i install
>     t3/jammy,now 0.8-5ubuntu5 amd64 [installed,automatic]
>     libavahi-common-data/jammy,now 0.8-5ubuntu5 amd64 [installed,automatic]
>     libavahi-common3/jammy,now 0.8-5ubuntu5 amd64 [installed,automatic]
> 
> 
> File Server:
> 
>     SDCP\peter at filesvr:~$ apt search avahi | grep -i install
>     ent3/jammy,now 0.8-5ubuntu5 amd64 [installed,automatic]
>     libavahi-common-data/jammy,now 0.8-5ubuntu5 amd64 [installed,automatic]
>     libavahi-common3/jammy,now 0.8-5ubuntu5 amd64 [installed,automatic]
> 
> 

ER, what do you think 'libavahi' is ?
If you use '.local', you will basically have two servers replying. I 
know that Microsoft used to recommend using '.local', but even they now 
say it is a bad idea.

> 
> Peter
> PS: I can list the shares with smbclient
> SDCP\peter at xrdp:~$ smbclient -L //filesvr
> Password for [peter at SA*****NT.LOCAL]:
> 
>      Sharename       Type      Comment
>      ---------       ----      -------
>      Test            Disk      test
>      BinaryData      Disk      Store for DB and Middleware
>      Ca*****nt   Disk      Ca*****nt Common Files
>      Ca*****nt-Accounting Disk      Ca*****nt Accounting Files
>      Ca*****nt-Secure Disk      Ca*****nt Secure Files
>      Dwayne-Secure   Disk      Dwayne Secure Files
>      Faxes-In        Disk      Fax Server Holding
>      Faxes-Out       Disk      Fax Server Holding
>      Software        Disk      Software Repository
>      FacilityPictures Disk      Facility Pictures
>      IPC$            IPC       IPC Service (filesvr server (Samba, Ubuntu))
> SMB1 disabled -- no workgroup available

Windows now uses Network Discovery instead of Network Browsing, there 
are a few servers available for Linux, do a search on 'wsdd'

Rowland