Moertenhumer Martin
2025-Mar-14 12:07 UTC
[Samba] 4.20: smb.conf include = %I.conf / server min protocol
Hello,
in the past I've used host-based configurations to allow older Windows XP
machines to connect to recent servers (without reducing security for the entire
network). Up until samba 4.19 this worked for me. Using 4.20 I'm facing the
issue that "server min protocol = NT1" does not work when set in
include=.../%I.conf. (setting server min protocol = NT1 in smb.conf's global
section works).
Any insights/ideas are highly appreciated.
Kernel:
5.14.0-503.29.1.el9_5.x86_64
Red Hat Enterprise Linux release 9.5 (Plow)
Samba version:
samba-4.20.2-2.el9_5.x86_64
smb.conf:
[global]
allow insecure wide links = yes
netbios aliases = somethingTEST somethingTEST
acl allow execute always = True
passdb backend = tdbsam
wins support = true
security = user
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
read raw = no
map to guest = Bad Password
cups options = raw
follow symlinks = yes
preferred master = yes
load printers = yes
guest account = liprod
write raw = no
os level = 20
netbios name = something
wide links = yes
workgroup = ratherNOTtell
include = /etc/samba/client_based_cfg/%I.conf
/etc/samba/client_based_cfg/10.2.10.4.conf:
[global]
server min protocol = NT1
map to guest = Bad Password
ntlm auth = yes
guest ok = yes
log level = 3
Log (/var/log/samba/log.10.2.10.4)
[2025/03/14 12:50:31.095021, 2]
../../source3/param/loadparm.c:2901(lp_do_section)
Processing section "[printers]"
[2025/03/14 12:50:31.095068, 2]
../../source3/param/loadparm.c:2901(lp_do_section)
Processing section "[pcidos]"
[2025/03/14 12:50:31.095126, 2]
../../source3/param/loadparm.c:2901(lp_do_section)
Processing section "[fab]"
[2025/03/14 12:50:31.095174, 2]
../../source3/param/loadparm.c:2901(lp_do_section)
Processing section "[liident]"
[2025/03/14 12:50:31.095200, 2]
../../source3/param/loadparm.c:2901(lp_do_section)
Processing section "[sw-tank]"
[2025/03/14 12:50:31.095228, 2]
../../source3/param/loadparm.c:2901(lp_do_section)
Processing section "[labels]"
[2025/03/14 12:50:31.095253, 2]
../../source3/param/loadparm.c:2901(lp_do_section)
Processing section "[bar]"
[2025/03/14 12:50:31.095278, 2]
../../source3/param/loadparm.c:2901(lp_do_section)
Processing section "[benteler]"
[2025/03/14 12:50:31.095306, 2]
../../source3/param/loadparm.c:2901(lp_do_section)
Processing section "[shape]"
[2025/03/14 12:50:31.095319, 2]
../../source3/param/loadparm.c:2901(lp_do_section)
Processing section "[test]"
[2025/03/14 12:50:31.095341, 3] ../../source3/param/loadparm.c:1686(lp_add_ipc)
adding IPC service
added interface eth0 ip=10.2.10.1 bcast=10.2.10.255 netmask=255.255.255.0
[2025/03/14 12:50:31.095513, 3]
../../source3/smbd/smb2_negprot.c:1203(smb2_multi_protocol_reply_negprot)
smb2_multi_protocol_reply_negprot: No protocol supported !
[2025/03/14 12:50:31.095627, 3]
../../source3/smbd/server_exit.c:229(exit_server_common)
Server exit (no protocol supported
)
Thanks,
Martin
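An added example, not part of the original post and not Samba code: a Python parser for smbd log text in the form quoted above, including record headers wrapped onto two lines, that reports which clients had protocol negotiation rejected. The second client, 10.2.10.9, and its log are constructed for illustration.

```python
import re

# smbd record header: "[timestamp, level] source-file:line(function)"
HEADER = re.compile(r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+)\]\s+(\S+):(\d+)\((\w+)\)")
# A header whose source location was wrapped onto the next line, as in the mail.
WRAPPED = re.compile(r"\]\s*\n\s*(?=\S+:\d+\(\w+\))")

def parse_records(text):
    """Return one dict per log record with keys ts, level, func and msg."""
    records = []
    for line in WRAPPED.sub("] ", text).splitlines():
        m = HEADER.match(line.strip())
        if m:
            records.append({"ts": m.group(1), "level": int(m.group(2)),
                            "func": m.group(5), "msg": ""})
        elif records and line.strip():
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def negprot_rejections(logs):
    """logs maps a client name (the suffix of its log file) to the log text.
    Returns (client, timestamp) for every failed protocol negotiation."""
    hits = []
    for client, text in sorted(logs.items()):
        for rec in parse_records(text):
            if (rec["func"] == "smb2_multi_protocol_reply_negprot"
                    and "No protocol supported" in rec["msg"]):
                hits.append((client, rec["ts"]))
    return hits

# Excerpt of the log quoted in the post, with its wrapped headers kept.
POSTED_LOG = """\
[2025/03/14 12:50:31.095341, 3] ../../source3/param/loadparm.c:1686(lp_add_ipc)
adding IPC service
[2025/03/14 12:50:31.095513, 3]
../../source3/smbd/smb2_negprot.c:1203(smb2_multi_protocol_reply_negprot)
smb2_multi_protocol_reply_negprot: No protocol supported !
[2025/03/14 12:50:31.095627, 3]
../../source3/smbd/server_exit.c:229(exit_server_common)
Server exit (no protocol supported
)
"""
# Constructed log for a hypothetical second client that negotiates normally.
OTHER_LOG = """\
[2025/03/14 12:51:02.000001, 3] ../../source3/param/loadparm.c:1686(lp_add_ipc)
adding IPC service
"""
if __name__ == "__main__":
    for client, ts in negprot_rejections({"10.2.10.4": POSTED_LOG, "10.2.10.9": OTHER_LOG}):
        print(f"{client}: negotiation rejected at {ts}")
```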
Rowland Penny
2025-Mar-19 12:07 UTC
[Samba] 4.20: smb.conf include = %I.conf / server min protocol
On Fri, 14 Mar 2025 12:07:44 +0000 Moertenhumer Martin via samba <samba at lists.samba.org> wrote:
> Hello,
>
> in the past I've used host-based configurations to allow older
> Windows XP machines to connect to recent servers (without reducing
> security for the entire network). Up until samba 4.19 this worked for
> me. Using 4.20 I'm facing the issue that "server min protocol = NT1"
> does not work when set in include=.../%I.conf. (setting server min
> protocol = NT1 in smb.conf's global section works).
>
> Any insights/ideas are highly appreciated.
>
I recently found that the '%u' and '%U' variables do not return what you would expect. I have 'winbind use default domain = yes' set in smb.conf, so expect just the username for '%u' or '%U', but '%u' now returns '$NETBIOS_DOMAINusername' and '%U' returns 'username_$DNS_DOMAIN'.
I wonder if '%I' isn't returning the IP address correctly?
Rowland