Matthias Kühne | Ellerhold AG
2021-Jul-26 13:42 UTC
[Samba] Missing deprecations from CHANGELOG 4.14
Am 26.07.21 um 15:36 schrieb Rowland Penny via samba:> On Mon, 2021-07-26 at 15:00 +0200, Matthias K?hne | Ellerhold AG via > samba wrote: >> Hello, >> >> in preparation for the upcoming samba 4.15 release Ive upgraded all >> my >> debian servers from 4.13 to 4.14. >> >> Ive read all changelogs and nothing stood out, so I went ahead and >> (seemingly) everything worked fine. >> >> 2 days later I noticed that client connections to an old Mac OS 10.6 >> Server via samba wont work anymore: error "smb_signing_good: BAD >> SIG: >> seq 1". These old servers can only use SMB1 and should be dismantled >> soon (tm). We're using a PHP lib with php7.4-smbclient to access >> them. >> >> There was nothing in the release notes (linked here >> https://www.samba.org/samba/history/samba-4.14.0.html) for SMB1 >> deprecations or somethings like that. But downgrading to 4.13 solved >> the >> problem! >> >> Digging deeper I found that in the RC release notes (e. g. >> https://download.samba.org/pub/samba/rc/4.14.0rc/samba-4.14.0rc4.WHATSNEW.txt) >> there were a lot more deprecations regarding SMB1. These are somehow >> missing from the final release notes! >> >> Upgrading back to 4.14 and setting all the deprecated parameters >> from >> the RC-changelog didnt solve my problem though. >> >> The lib (https://github.com/icewind1991/SMB/) Im using can either >> use >> the php module or the smbclient binary directly. Switching to the >> binary >> (without any smb.conf changes!) solved the problem! So it seems like >> there is a compatibility problem in the PHP module... This module is >> from deb.sury.org and out of your control (I think). >> >> Could you please add the SMB1 deprecations from the RC changelog to >> the >> final changelog? Thanks! > The problem is that the minimum protocols were changed to SMBv2 at > 4.11.0 and a lot of the SMBv1 parameters were deprecated at 4.13.0 > > Then when 'WHATSNEW.txt' was created for 4.14.0rc4, it relied heavy on > the WHATSNEW.txt for 4.13.0, too heavily in fact, because it contained > most of the contents of the 4.13.0 one. The old parts from the 4.13.0 > file were removed from the 4.14.0 one when it was released, that one is > the one to read. > > RowlandOkay, so the docs for 4.14.0 are correct then? There are no new deprecations for 4.14 that werent in 4.13 regarding SMB1? Im having "client min protocol = NT1" and "ntlm auth = ntlmv1-permitted" in both versions and 4.13 works while 4.14 wont... So it must be a really weird bug in the PHP module (entirely possible!). Then disregard my ramblings :) -- Matthias K?hne Senior Webentwickler Datenschutzbeauftragter Ellerhold Aktiengesellschaft Friedrich-List-Str. 4 01445 Radebeul Telefon: +49 (0) 351 83933-61 Telefax: +49 (0) 351 83933-99 Web www.ellerhold.de Twitter www.twitter.com/Ellerhold_AG Youtube www.youtube.com/user/ellerholdgruppe Amtsgericht Dresden / HRB 23769 Vorstand: Stephan Ellerhold, Maximilian Ellerhold Vorsitzender des Aufsichtsrates: Frank Ellerhold ---Diese E-Mail und Ihre Anlagen enthalten vertrauliche Mitteilungen. Sollten Sie nicht der beabsichtigte Adressat sein, so bitten wir Sie um Mitteilung und um sofortiges l?schen dieser E-Mail und der Anlagen. Unsere Hinweise zum Datenschutz finden Sie hier: http://www.ellerhold.de/datenschutz/ This e-mail and its attachments are privileged and confidential. If you are not the intended recipient, please notify us and immediately delete this e-mail and its attachments. You can find our privacy policy here: http://www.ellerhold.de/datenschutz/
On Mon, 2021-07-26 at 15:42 +0200, Matthias K?hne | Ellerhold AG via samba wrote:> > > > > > Okay, so the docs for 4.14.0 are correct then? There are no new > deprecations for 4.14 that werent in 4.13 regarding SMB1? Im having > "client min protocol = NT1" and "ntlm auth = ntlmv1-permitted" in > both > versions and 4.13 works while 4.14 wont... > > So it must be a really weird bug in the PHP module (entirely > possible!). > > Then disregard my ramblings :) >No, if the only change is the Samba version and you are having problems, then it could be Samba, but there do not seem to have been changes that would cause your problem. Not that I really know your problem, you have given us little to go on. It might help if you can tell us just what no longer works and post your smb.conf and any relevant log files. Rowland
Matthias Kühne | Ellerhold AG
2021-Aug-03 13:16 UTC
[Samba] Missing deprecations from CHANGELOG 4.14
Hello Rowland, Im still tracking down this bug and I've set up a brand new VM. Using the standard debian samba package (4.9.5) my script can successfully send files to a Mac OS SMB-Server without any smb.conf at all. After the upgrade to Louis' 4.13 (2:4.13.10+dfsg-0.1buster1) this script fails. Ive changed my smb.conf to [global] ??? ntlm auth = ntlmv1-permitted ??? client min protocol = NT1 and tried it again: It works again (as expected)! Upgrading to 4.14 (2:4.14.6+dfsg-0.1buster1) and my script fails again! Using `smbclient` instead of `libsmbclient` via the php-module works though... So something must've changed between 4.13.10 and 4.14.6 in libsmbclient ... Additionally I tried to use PHPs 'smbclient_client_protocols()' to allow SMB1 connections. Turns out this function is not available. Looking at https://github.com/eduardok/libsmbclient-php/blob/b019c41a9ceb3695d97e0ef2fe1ad424097455b3/config.m4 (line 75+) it seems like the libsmbclient is missing the 'smbc_setOptionProtocols', so the PHP Module doesnt publish the 'smbclient_client_protocols()' function. Im using Ondrej Sury PHP Repository for debian and opened a bug there: https://github.com/oerdnj/deb.sury.org/issues/1624 Turns out neither the standard debian 4.9, nor Louis 4.13 nor Louis 4.14 version of libsmbclient has this function compiled in. Im 90% sure, that this is a separate thing because 4.9 and 4.13 worked while lacking this function. Am 26.07.21 um 16:13 schrieb Rowland Penny via samba:> On Mon, 2021-07-26 at 15:42 +0200, Matthias K?hne | Ellerhold AG via > samba wrote: > >> Okay, so the docs for 4.14.0 are correct then? There are no new >> deprecations for 4.14 that werent in 4.13 regarding SMB1? Im having >> "client min protocol = NT1" and "ntlm auth = ntlmv1-permitted" in >> both >> versions and 4.13 works while 4.14 wont... >> >> So it must be a really weird bug in the PHP module (entirely >> possible!). >> >> Then disregard my ramblings :) >> > No, if the only change is the Samba version and you are having > problems, then it could be Samba, but there do not seem to have been > changes that would cause your problem. Not that I really know your > problem, you have given us little to go on. > > It might help if you can tell us just what no longer works and post > your smb.conf and any relevant log files. > > Rowland > > >-- Matthias K?hne Senior Webentwickler Datenschutzbeauftragter Ellerhold Aktiengesellschaft Friedrich-List-Str. 4 01445 Radebeul Telefon: +49 (0) 351 83933-61 Telefax: +49 (0) 351 83933-99 Web www.ellerhold.de Twitter www.twitter.com/Ellerhold_AG Youtube www.youtube.com/user/ellerholdgruppe Amtsgericht Dresden / HRB 23769 Vorstand: Stephan Ellerhold, Maximilian Ellerhold Vorsitzender des Aufsichtsrates: Frank Ellerhold ---Diese E-Mail und Ihre Anlagen enthalten vertrauliche Mitteilungen. Sollten Sie nicht der beabsichtigte Adressat sein, so bitten wir Sie um Mitteilung und um sofortiges l?schen dieser E-Mail und der Anlagen. Unsere Hinweise zum Datenschutz finden Sie hier: http://www.ellerhold.de/datenschutz/ This e-mail and its attachments are privileged and confidential. If you are not the intended recipient, please notify us and immediately delete this e-mail and its attachments. You can find our privacy policy here: http://www.ellerhold.de/datenschutz/