On Fri, 18 Oct 2024 09:14:01 +0200
Gilles via samba <samba at lists.samba.org> wrote:
> On 17/10/2024 19:19, Rowland Penny via samba wrote:
> > Your Samba server isn't using NTLMv1 (aka SMBv1), but it appears the
> > client is.
>
> Odd. I disabled it after installing Windows10. Following MS instructions
> <https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server>,
> here's what the PowerShell command says:
> ==============
> PS C:\WINDOWS\system32> Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
>
> FeatureName      : SMB1Protocol
> DisplayName      : SMB 1.0/CIFS File Sharing Support
> Description      : Support for the SMB 1.0/CIFS file sharing protocol, and the Computer Browser protocol.
> RestartRequired  : Possible
> State            : Disabled
> CustomProperties :
>                    ServerComponent\Description : Support for the SMB 1.0/CIFS file sharing protocol, and the Computer
>                    Browser protocol.
>                    ServerComponent\DisplayName : SMB 1.0/CIFS File Sharing Support
>                    ServerComponent\Id : 487
>                    ServerComponent\Type : Feature
>                    ServerComponent\UniqueName : FS-SMB1
>                    ServerComponent\Deploys\Update\Name : SMB1Protocol
> ==============
>
> The relevant item is also unchecked in Control Panel:
> https://postimg.cc/TpzL7jBZ
>
> > You still appear to be using parameters that were removed a long time
> > ago.
>
> Possible, since stuff on the Internet doesn't always say what version
> it applies to. Is there a recommended book for Samba 4 or a tool that
> scans an smb.conf and makes recommendations?
>
> Here's my smb.conf:
> ==============
> [global]
> workgroup = WORKGROUP
> netbios name = DEBIAN
>
> security = user
> map to guest = Bad User
> ;map to guest = Bad Password
> ;www-data used by Nginx
> guest account = www-data
>
> hosts allow = 127.0.0.1 192.168.0.0/24
> hosts deny = 0.0.0.0/0
>
> bind interfaces only = yes
> interfaces = 192.168.0.15/255.255.255.0 127.0.0.1/255.255.255.255
>
> log level = 2
>
> disable netbios = yes
>
> ;this avoids needless errors in the logs if you have no printer
> printcap name = /dev/null
> load printers = no
> printing = bsd
>
> [www]
> path = /usr/share/nginx
> ;comment = No need for Unix/Samba passwords
> guest ok = yes
> writeable=yes
> browseable=yes
> force create mode = 0644
> create mask = 0664
> security mask = 0664
> force security mode = 0664
>
> [sdcard]
> path = /mnt/sdcard
> ;comment = No need for Unix/Samba passwords
> guest ok = yes
> writeable=yes
> browseable=yes
> force create mode = 0644
> create mask = 0664
> ==============

I agree this is very strange, you have (even though not visible because
they are the defaults) these lines in your smb.conf:

    client min protocol = SMB2_02
    server min protocol = SMB2_02

You have also now added:

    disable netbios = yes

So, you shouldn't be using SMBv1 (aka NTLMv1) and it shouldn't be
possible to use it, but something seems to be trying to. You have these
in the log fragments you posted earlier:

    19:02:13.470182 CEST] with [NTLMv1] status [NT_STATUS_NO_SUCH_USER]
    "passwordType": "NTLMv1"

Try turning up the logging, it may help in identifying where these
logon attempts are coming from.

Rowland
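
Added example, not part of the original message or of Samba: one way to see where the NTLMv1 logon attempts come from once logging is turned up, by tallying them per remote host. It assumes Samba's JSON authentication audit records (debug class auth_json_audit) are written to the log with the remoteAddress, workstation, clientAccount, status and passwordType fields; the function names and the sample log are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample log: header line, two NTLMv1 failures, one NTLMv2
# success and a truncated record. Hosts and account names are made up.
SAMPLE_LOG = '''\
[2024/10/17 19:02:13.470182,  2] (constructed header line)
  {"timestamp": "2024-10-17T19:02:13.470182+0200", "type": "Authentication", "Authentication": {"status": "NT_STATUS_NO_SUCH_USER", "remoteAddress": "ipv4:192.168.0.20:49712", "clientAccount": "gilles", "workstation": "PC-EXAMPLE", "passwordType": "NTLMv1"}}
  {"timestamp": "2024-10-17T19:02:14.101000+0200", "type": "Authentication", "Authentication": {"status": "NT_STATUS_OK", "remoteAddress": "ipv4:192.168.0.21:50100", "clientAccount": "alice", "workstation": "LAPTOP-EXAMPLE", "passwordType": "NTLMv2"}}
  {"timestamp": "2024-10-17T19:02:15.250000+0200", "type": "Authentication", "Authentication": {"status": "NT_STATUS_NO_SUCH_USER", "remoteAddress": "ipv4:192.168.0.20:49713", "clientAccount": "gilles", "workstation": "PC-EXAMPLE", "passwordType": "NTLMv1"}}
  {"timestamp": "2024-10-17T19:02:16
'''


def auth_records(lines):
    """Yield the 'Authentication' object of every parseable JSON audit line."""
    for line in lines:
        start = line.find("{")
        if start < 0:
            continue  # debug header or ordinary log text
        try:
            rec = json.loads(line[start:])
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        if isinstance(rec, dict) and rec.get("type") == "Authentication":
            yield rec.get("Authentication", {})


def ntlmv1_sources(lines):
    """Count NTLMv1 attempts per (host, workstation, account, status)."""
    hits = Counter()
    for auth in auth_records(lines):
        if auth.get("passwordType") != "NTLMv1":
            continue
        addr = auth.get("remoteAddress", "")
        # "ipv4:192.168.0.20:49712" -> "192.168.0.20" (drop family and port)
        host = addr.partition(":")[2].rpartition(":")[0] or addr
        key = (host, auth.get("workstation"), auth.get("clientAccount"),
               auth.get("status"))
        hits[key] += 1
    return hits


if __name__ == "__main__":
    for key, count in ntlmv1_sources(SAMPLE_LOG.splitlines()).most_common():
        print(count, *key)
```

To use it on a real log, pass the open log file (an iterable of lines) to ntlmv1_sources() instead of the sample.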