On Fri, 18 Oct 2024 11:35:44 +0200
Gilles via samba <samba at lists.samba.org> wrote:
> On 18/10/2024 10:51, Rowland Penny via samba wrote:
> > I agree this is very strange, you have (even though not visible
> > because they are the defaults) these lines in your smb.conf:
> >
> > client min protocol = SMB2_02
> > server min protocol = SMB2_02
> >
> > You have also now added:
> >
> > disable netbios = yes
> >
> > So, you shouldn't be using SMBv1 (aka NTLMv1) and it shouldn't be
> > possible to use it, but something seems to be trying to. You have
> > these in the log fragments you posted earlier:
> >
> > 19:02:13.470182 CEST] with [NTLMv1] status [NT_STATUS_NO_SUCH_USER]
> >
> > "passwordType": "NTLMv1"
> >
> > Try turning up the logging, it may help in identifying where these
> > logon attempts are coming from.
>
> 1. I added those two lines in Global, reloaded the file: Still slow
> client min protocol = SMB2_02
> server min protocol = SMB2_02
You didn't need to, they are the defaults and have been so since Samba
4.11.0
>
> smbcontrol smbd reload-config
> tail -f /var/log/samba/log.smbd
>
> 2. Edited smb.conf to increase its "log level" to 3 (per
> www.oreilly.com/openbook/samba/book/ch04_08.html), reloaded:
>
> smbcontrol smbd reload-config
> tail -f /var/log/samba/log.smbd
>
> Here's what it says when I double-click on the Samba host in Windows'
> Network:
>
> [2024/10/18 11:30:34.101979,  3] ../../lib/util/access.c:372(allow_access)
>   Allowed connection from 192.168.0.17 (192.168.0.17)
> [2024/10/18 11:30:34.103350,  3] ../../source3/smbd/smb2_service.c:610(make_connection_snum)
>   make_connection_snum: Connect path is '/tmp' for service [IPC$]
> [2024/10/18 11:30:34.104403,  3] ../../source3/smbd/vfs.c:115(vfs_init_default)
>   Initialising default vfs hooks
> [2024/10/18 11:30:34.105484,  3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
>   Initialising custom vfs hooks from [/[Default VFS]/]
> [2024/10/18 11:30:34.106969,  3] ../../source3/smbd/smb2_service.c:840(make_connection_snum)
>   mini-lenovo (ipv4:192.168.0.17:57960) connect to service IPC$ initially as user www-data (uid=33, gid=33) (pid 7345)
Nothing there about SMBv1.
I would raise the log level to at least 5 and see if something 'pops'
out during normal use, other than that, I would be looking closely at
Apache, could it be trying to use SMBv1?
Rowland
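
An added example, not part of the original messages: one way to see where the NTLMv1 logon attempts come from is to tally the JSON authentication audit records by client. It assumes records like the one that produced the "passwordType": "NTLMv1" fragment quoted above; the other field names (remoteAddress, clientAccount, status) and the "JSON Authentication:" line prefix are assumptions about that format, and the sample lines are constructed.

```python
import json
from collections import Counter

# Constructed sample (not from the thread). Field names other than
# "passwordType" are assumptions about Samba's JSON auth audit records.
SAMPLE_LOG = '''\
  Initialising custom vfs hooks from [/[Default VFS]/]
  JSON Authentication: {"type": "Authentication", "Authentication": {"status": "NT_STATUS_NO_SUCH_USER", "remoteAddress": "ipv4:192.0.2.17:57960", "clientAccount": "scanner", "passwordType": "NTLMv1"}}
  JSON Authentication: {"type": "Authentication", "Authentication": {"status": "NT_STATUS_NO_SUCH_USER", "remoteAddress": "ipv4:192.0.2.17:57962", "clientAccount": "scanner", "passwordType": "NTLMv1"}}
  debug text that contains a { brace but is not JSON
  JSON Authentication: {"type": "Authentication", "Authentication": {"status": "NT_STATUS_OK", "remoteAddress": "ipv4:192.0.2.20:50122", "clientAccount": "alice", "passwordType": "NTLMv2"}}
  JSON Authentication: {"type": "Authentication", "Authentication": {"status": "NT_STATUS_WRONG_PASSWORD", "remoteAddress": "ipv4:192.0.2.30:41000", "clientAccount": "backup", "passwordType": "NTLMv1"}}
'''

def client_host(remote):
    """'ipv4:192.0.2.17:57960' -> '192.0.2.17' (drop family tag and port)."""
    family, _, rest = remote.partition(":")
    if family not in ("ipv4", "ipv6"):
        return remote
    return rest.rsplit(":", 1)[0]

def iter_auth_events(lines):
    """Yield the "Authentication" object from each JSON audit line."""
    for line in lines:
        start = line.find("{")
        if start < 0:
            continue
        try:
            record = json.loads(line[start:])
        except json.JSONDecodeError:
            continue  # ordinary debug text, not an audit record
        auth = record.get("Authentication") if isinstance(record, dict) else None
        if isinstance(auth, dict):
            yield auth

def ntlmv1_sources(lines):
    """Count NTLMv1 attempts per (client host, account, status)."""
    counts = Counter()
    for auth in iter_auth_events(lines):
        if auth.get("passwordType") != "NTLMv1":
            continue
        host = client_host(auth.get("remoteAddress", "unknown"))
        counts[(host, auth.get("clientAccount"), auth.get("status"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in ntlmv1_sources(SAMPLE_LOG.splitlines()).most_common():
        print(n, *key)
```

To use it on a real log, pass the open log file to ntlmv1_sources() in place of the sample lines.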