[Samba] SMB Multichannel not working?

Carter Sheehan csheehan at vestmark.com
Mon Feb 6 21:30:13 UTC 2023


Jeremy,

I've done some packet analysis between my two windows hosts, connecting via SMB and I am seeing basically the same behavior when connecting to Samba but my Get-SmbMultichannelConnection powershell command actually returns a result stating multichannel is enabled.

Here are two S3 object URLs for that two packet captures (both links will expire in 3 hours)

  *
Windows to Samba<https://csheehan-samba-troubleshooting-bucket.s3.us-east-1.amazonaws.com/client-to-samba-capture.pcapng?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEMX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQCPLor81XLANRtMNdpxlHiBkhYjmOegrWekxWRcubUP1QIhALsWjgKbeoydM17bBlIKRZf1XZxUN6s9jktnzLxsEKXIKvgDCE4QABoMODQ0MDY4NDE0NzU2IgwF735tbcew8Syax5cq1QOGqHQADMnTpxkgaFeTuyPtgsc9PRCCxTmXy5iVAWBEfaTEdJKeekq1skObVNXvGn%2BYE%2BQ5aE%2BILRU7FEjHTaHwoSuvryX7MyEz%2FDzZWVIpje2WBm7ofzacPRMGYgwpQ6F2psLIkpcEpeHSebV0Tt6Yi8a7%2BrIZtPKx8iSRXMx0yKXEr7IWxh%2FYOinAeOIfrg7SgQHpslIq12aAYTp2pIz3HCGFeavSLOnAA%2FCxSCb5yAhRipOiWoln0qv1gxy6eFvOASs6iIx9EHpdrq2%2FJCtGMLldYSI75%2ByzPJxzSNXBsaqK2ENW%2BzPHuW01klmufYV%2Fnihlo6wVyFfg%2Fpifd6B8DWlT49q9OnAwO8N0H7WRvicCIjyhl243l27nwH6NN3%2FsWRu2XbmVqBJ5Knj3dwi%2BnKzG6FjyZ7swojRB0ay488X58edldKAS%2B1anQQsdPFWOAvsaJyfKZbp1RwLX%2BFy8XIKYKx4fzh%2BfeJqlwDdVh4iwTkfBHSpoJ4jJsVuNEMKOFH0IgirF7LC2NMBO0ZykvCvQBXlC4iBAch5afdwItHVP%2B1cfKjKwOpD0A2zXNwkgupquR2AJFxvuYqpgKZnWXSkqwCwM5EnMBbAwlf6VFZVyYSVbMJXHhZ8GOpMCuvh2pM7vng7tloBj26sb7OCV2ijgvPOk0h7mxyZY6hdTAfUVAtJRttKIL6qL9mVfYW7tGTGXHwfvS2O7r3iwYjTflp8JAFtO%2Bkim%2B0an9DWAPqofqqGwlj1%2FEpdJxIXG3YstR9twcliM16kykELZt%2BUL6iRWAm5czTNj3Qt8OA37i3pExnZkPmaMbQ3%2FA1vGdYvi0vHOPXxRftLFk8EmbDQgmbgTMNv2OlHZEkZNWfxy%2BWEhodSYwcy5UG0I4cObWLQF9e2boN7fMCTTTY1hS0U%2F7SzStfl0Spn0yA33DBZlPBhvCcEnXmKzt67pokM42k2jMA54WdmBHni80GkQ7ULqL4Dg8SRVCN3dv%2Biu9pAtkY4%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20230206T212247Z&X-Amz-SignedHeaders=host&X-Amz-Expires=10800&X-Amz-Credential=ASIA4JBTF4USPJPXYIM3%2F20230206%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=59c345cada6e519b81ff0e69607515a86dcbb68f41db09acfa358dcb93e8c63f>
  *
Windows to Windows<https://csheehan-samba-troubleshooting-bucket.s3.us-east-1.amazonaws.com/windows-to-windows-capture.pcapng?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEMX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQCPLor81XLANRtMNdpxlHiBkhYjmOegrWekxWRcubUP1QIhALsWjgKbeoydM17bBlIKRZf1XZxUN6s9jktnzLxsEKXIKvgDCE4QABoMODQ0MDY4NDE0NzU2IgwF735tbcew8Syax5cq1QOGqHQADMnTpxkgaFeTuyPtgsc9PRCCxTmXy5iVAWBEfaTEdJKeekq1skObVNXvGn%2BYE%2BQ5aE%2BILRU7FEjHTaHwoSuvryX7MyEz%2FDzZWVIpje2WBm7ofzacPRMGYgwpQ6F2psLIkpcEpeHSebV0Tt6Yi8a7%2BrIZtPKx8iSRXMx0yKXEr7IWxh%2FYOinAeOIfrg7SgQHpslIq12aAYTp2pIz3HCGFeavSLOnAA%2FCxSCb5yAhRipOiWoln0qv1gxy6eFvOASs6iIx9EHpdrq2%2FJCtGMLldYSI75%2ByzPJxzSNXBsaqK2ENW%2BzPHuW01klmufYV%2Fnihlo6wVyFfg%2Fpifd6B8DWlT49q9OnAwO8N0H7WRvicCIjyhl243l27nwH6NN3%2FsWRu2XbmVqBJ5Knj3dwi%2BnKzG6FjyZ7swojRB0ay488X58edldKAS%2B1anQQsdPFWOAvsaJyfKZbp1RwLX%2BFy8XIKYKx4fzh%2BfeJqlwDdVh4iwTkfBHSpoJ4jJsVuNEMKOFH0IgirF7LC2NMBO0ZykvCvQBXlC4iBAch5afdwItHVP%2B1cfKjKwOpD0A2zXNwkgupquR2AJFxvuYqpgKZnWXSkqwCwM5EnMBbAwlf6VFZVyYSVbMJXHhZ8GOpMCuvh2pM7vng7tloBj26sb7OCV2ijgvPOk0h7mxyZY6hdTAfUVAtJRttKIL6qL9mVfYW7tGTGXHwfvS2O7r3iwYjTflp8JAFtO%2Bkim%2B0an9DWAPqofqqGwlj1%2FEpdJxIXG3YstR9twcliM16kykELZt%2BUL6iRWAm5czTNj3Qt8OA37i3pExnZkPmaMbQ3%2FA1vGdYvi0vHOPXxRftLFk8EmbDQgmbgTMNv2OlHZEkZNWfxy%2BWEhodSYwcy5UG0I4cObWLQF9e2boN7fMCTTTY1hS0U%2F7SzStfl0Spn0yA33DBZlPBhvCcEnXmKzt67pokM42k2jMA54WdmBHni80GkQ7ULqL4Dg8SRVCN3dv%2Biu9pAtkY4%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20230206T212311Z&X-Amz-SignedHeaders=host&X-Amz-Expires=10800&X-Amz-Credential=ASIA4JBTF4USPJPXYIM3%2F20230206%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=773cee62094fcbbb35a2496c395ac165b0cf26e1e21961e2f652f361bbab1579>


Carter Sheehan
Cloud Engineer
d: +1 (781) 224-7753
e: csheehan at vestmark.com

This e-mail and any attachments hereto, are intended for use by the addressee(s) only and may contain information that is confidential information of Vestmark, Inc. If you are not the intended recipient of this e-mail, or if you have otherwise received
this e-mail in error, please immediately notify me by telephone or by e-mail, and please permanently delete the original, any print outs and any copies of the foregoing. Any dissemination, distribution or copying of this e-mail is strictly prohibited.
________________________________
From: samba <samba-bounces at lists.samba.org> on behalf of Carter Sheehan via samba <samba at lists.samba.org>
Sent: Monday, February 6, 2023 3:31 PM
To: Jeremy Allison <jra at samba.org>
Cc: samba at lists.samba.org <samba at lists.samba.org>
Subject: Re: [Samba] SMB Multichannel not working?

Jeremy,

That's what is so vexxing about this, the SMB client in Windows Server 2019 has SMBv1 disabled by default. Using the articles you provided, I can confirm that SMBv1 is not enabled for the SMB server/client.


Carter Sheehan
Cloud Engineer
d: +1 (781) 224-7753
e: csheehan at vestmark.com

This e-mail and any attachments hereto, are intended for use by the addressee(s) only and may contain information that is confidential information of Vestmark, Inc. If you are not the intended recipient of this e-mail, or if you have otherwise received
this e-mail in error, please immediately notify me by telephone or by e-mail, and please permanently delete the original, any print outs and any copies of the foregoing. Any dissemination, distribution or copying of this e-mail is strictly prohibited.
________________________________
From: Jeremy Allison <jra at samba.org>
Sent: Monday, February 6, 2023 2:17 PM
To: Carter Sheehan <csheehan at vestmark.com>
Cc: samba at lists.samba.org <samba at lists.samba.org>
Subject: Re: [Samba] SMB Multichannel not working?


External Email
This email was NOT sent from someone at Vestmark


On Sun, Feb 05, 2023 at 09:11:41PM +0000, Carter Sheehan wrote:
> Jeremy,
> I am clearing the contents of the packet capture with my security team and
> I'll have it available to you some time tomorrow.
> Regarding protocol negotiation, I have tried using some of the available
> server/client min/max protocol config options for smb.conf hoping it would
> "force" the use of SMB3+ but I still see the same SMB/SMBv2 packets in a
> wireshark capture and both the client and server display the connection as
> using dialect 3_11, so that doesn't seem to have any impact whatsoever for
> me.

This is a clients feature I think, not controllable on the server-side.

When connecting to an unknown server a Windows client tries the SMB1->SMB2+
upgrade.

Just remove SMB1 from this client.

https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server<https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server><https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server<https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server>>

https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server#how-to-remove-smbv1-via-powershell<https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server#how-to-remove-smbv1-via-powershell><https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server#how-to-remove-smbv1-via-powershell<https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server#how-to-remove-smbv1-via-powershell>>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba<https://lists.samba.org/mailman/options/samba>


More information about the samba mailing list