samba - Feb 2021 - Windows 10 cannot connect without SMB1

Hi,

I have attached my smb.conf.

Regards,

K. R. Foley

On 2/28/21 5:49 AM, Rowland penny via samba wrote:
> On 28/02/2021 03:47, K. R. Foley via samba wrote:
>> Hi,
>>
>> I cannot get Windows 10 to connect to my Samba server without SMB1.
>>
>>
>> I get the following error when I try to join Windows 10 client to 
>> Samba 4.11.13 AD. I get the following error on the client:
>>
>> "The following error occurred attempting to join the domain 
>> 'local.richardshapiro.com':
>>
>> You can't connect to the file share because it's not secure.
This
>> share requires the obsolete SMB1 protocol, which is unsafe and could 
>> expose your system to attack. Your system requires SMB2 or higher. 
>> For more info on resolving this issue, see 
>> https://go.microsoft.com/fwlink/?linkid=852747"
>>
>>
>> I get? the following on the server:
>>
>> "Feb 27 20:43:06 ss-prod smbd[7323]: [2021/02/27 20:43:06.043958,
0,
>> pid=7323, effective(0, 0), real(0, 0)] 
>> ../../source3/smbd/negprot.c:593(reply_negprot)
>> Feb 27 20:43:06 ss-prod smbd[7323]:? negprot got no protocols"
>>
>>
>> If I enable SMB1 on the Windows? 10 client it can join the domain 
>> just fine. Without SMB1, it fails every time. I have tried numerous 
>> Samba configuration options on the Samba server, but none work.
>>
>> Server info:
>>
>> CentOS Linux release 7.9.2009
>>
>> [root at ss-prod packages]# uname -a
>> Linux ss-prod.rsa.richardshapiro.com 3.10.0-1160.15.2.el7.x86_64 #1 
>> SMP Wed Feb 3 15:06:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linu
>>
>> Samba 4.11.13 built from source
>>
>> I have tried numerous options on the server:
>>
>> ??????? server max protocol = SMB2
>> ??????? #min protocol = SMB2
>> #?????? min protocol = SMB2
>> #?????? server min protocol = NT1
>> ??????? #server min protocol = SMB2_10
>> ??????? #server max protocol = SMB3
>> ??????? #protocol = SMB
>>
>>
>> Shouldn't 4.11.13 support SMB2 or higher?
>>
> It does, can you post your smb.conf
>
> Rowland
>
>
>
-------------- next part --------------
# Global parameters
[global]
	netbios name = SS-PROD
	realm = LOCAL.RICHARDSHAPIRO.COM
	server role = active directory domain controller
	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd,
ntp_signd, kcc, dnsupdate
	workgroup = LOCAL
	idmap_ldb:use rfc2307 = yes
	log level = 10
	server max protocol = SMB2
	#min protocol = SMB2
#	min protocol = SMB2
#	server min protocol = NT1
	#server min protocol = SMB2_10
	#server max protocol = SMB3
	#protocol = SMB2
[sysvol]
	path = /usr/local/samba/var/locks/sysvol
	read only = No

[netlogon]
	path = /usr/local/samba/var/locks/sysvol/local.richardshapiro.com/scripts
	read only = No

On 28/02/2021 14:38, K. R. Foley wrote:
> Hi,
>
> I have attached my smb.conf.

And for those that didn't get the smb.conf:

[global]
 ??? netbios name = SS-PROD
 ??? realm = LOCAL.RICHARDSHAPIRO.COM
 ??? server role = active directory domain controller
 ??? server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, 
winbindd, ntp_signd, kcc, dnsupdate
 ??? workgroup = LOCAL
 ??? idmap_ldb:use rfc2307 = yes
 ??? log level = 10
 ??? server max protocol = SMB2

[sysvol]
 ??? path = /usr/local/samba/var/locks/sysvol
 ??? read only = No

[netlogon]
 ??? path = 
/usr/local/samba/var/locks/sysvol/local.richardshapiro.com/scripts
 ??? read only = No

How did you compile Samba ?

Did you install all the packages found on this bash script:

https://git.samba.org/?p=samba.git;a=blob_plain;f=bootstrap/generated-dists/centos7/bootstrap.sh;hb=v4-11-test

These are the defaults for the various 'protocols':

client min protocol = SMB2_02
client max protocol = SMB3_11

server min protocol = SMB2_02
server max protocol = SMB3

client ipc min protocol = SMB2_02

I hope you can see that you do not need to set any of them in your smb.conf

Rowland