browsing problem with minimum protocol SMB2

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

browsing problem with minimum protocol SMB2

Samba - General mailing list

I have a classic NT4 domain with the PDC also the wins server.  With the
recent ransomware problem, we're trying to remove SMB1 and below
protocols.

However when I do this, the browse list is gone.  Hosts can access
properly the shares, but they have to know exactly \\machine\share in
order to to connect.  The same thing from a linux client:

smbclient -L {PDC} -m SMB2

Domain=[{MYDOMAIN}] OS=[] Server=[]

  Server               Comment
  ---------            -------

  Workgroup            Master
  ---------            -------

I.E. there's no information - The Server and Workgroup lists are empty.  I
can see information going into wins.dat and browse.dat, though.  If I set
the PDCs min protocols to NT1, I get:

smbclient -L {PDC}

Domain=[{MYDOMAIN}] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]

(list of hosts follows)

  Workgroup            Master
  ---------            -------
  {OTHER_GROUP}        {GROUP_MASTER}

(etc)

What I do to set the minimum in my smb.conf is:

    server min protocol = SMB2
    server max protocol = SMB3
    client min protocol = SMB2
    client max protocol = SMB3
    min protocol = SMB2
    max protocol = SMB3
    client ipc min protocol = SMB2

Changing the server, client and min protocols to NT1 will give the
browselist from the smbclient command without the -m SMB2

Same thing for windows clients - if I disable SMB1, then they cannot
browse the domain.

Is there a configuration setup that will do browsing with SMB1/NT1
disabled ?  I'm running 4.3.11 on my PDC.

Thanks.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: browsing problem with minimum protocol SMB2

Samba - General mailing list
Hello,

> we're trying to remove SMB1 and below
> protocols.
>
> However when I do this, the browse list is gone.

The functionality around browse list depends on SMB1, so it
can not work under SMB2.

--
TAKAHASHI Motonobu/高橋 基信 <[hidden email]>

-----Original Message-----
From: Dirk Kleinhesselink via samba <[hidden email]>
Sent: Wed, 17 May 2017 16:42:05 -0700 (PDT)
To: [hidden email]
Cc:
Subject: [Samba] browsing problem with minimum protocol SMB2

I have a classic NT4 domain with the PDC also the wins server.  With the
recent ransomware problem, we're trying to remove SMB1 and below
protocols.

However when I do this, the browse list is gone.  Hosts can access
properly the shares, but they have to know exactly \\machine\share in
order to to connect.  The same thing from a linux client:

smbclient -L {PDC} -m SMB2

Domain=[{MYDOMAIN}] OS=[] Server=[]

  Server               Comment
  ---------            -------

  Workgroup            Master
  ---------            -------

I.E. there's no information - The Server and Workgroup lists are empty.  I
can see information going into wins.dat and browse.dat, though.  If I set
the PDCs min protocols to NT1, I get:

smbclient -L {PDC}

Domain=[{MYDOMAIN}] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]

(list of hosts follows)

  Workgroup            Master
  ---------            -------
  {OTHER_GROUP}        {GROUP_MASTER}

(etc)

What I do to set the minimum in my smb.conf is:

    server min protocol = SMB2
    server max protocol = SMB3
    client min protocol = SMB2
    client max protocol = SMB3
    min protocol = SMB2
    max protocol = SMB3
    client ipc min protocol = SMB2

Changing the server, client and min protocols to NT1 will give the
browselist from the smbclient command without the -m SMB2

Same thing for windows clients - if I disable SMB1, then they cannot
browse the domain.

Is there a configuration setup that will do browsing with SMB1/NT1
disabled ?  I'm running 4.3.11 on my PDC.

Thanks.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Loading...