That does indeed show "default". For logs, I tested with my system and a system that gets SMB2. Any tips for what I might be looking for? Early on in the logs, I see this for the NT1 system (no mentions of smb2 anywhere) [2016/04/19 14:48:37.738460, 3, pid=21479, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:395(reply_nt1) using SPNEGO [2016/04/19 14:48:37.738476, 3, pid=21479, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:684(reply_negprot) Selected protocol NT LM 0.12 [2016/04/19 14:48:37.738488, 5, pid=21479, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:691(reply_negprot) negprot index=5 For the system that gets SMB2, I see: [2016/04/19 15:04:46.352217, 10, pid=21600, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:3068(smbd_smb2_first_negprot) smbd_smb2_first_negprot: packet length 102 [2016/04/19 15:04:46.352249, 10, pid=21600, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:646(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 0 (position 0) from bitmap [2016/04/19 15:04:46.352269, 10, pid=21600, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:1954(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_NEGPROT] mid = 0 [2016/04/19 15:04:46.352285, 4, pid=21600, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/04/19 15:04:46.352302, 5, pid=21600, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/04/19 15:04:46.352318, 5, pid=21600, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/04/19 15:04:46.352343, 5, pid=21600, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/04/19 15:04:46.352381, 10, pid=21600, effective(0, 0), real(0, 0)] ../source3/lib/util.c:1291(set_remote_arch) set_remote_arch: Client arch is 'Vista' [2016/04/19 15:04:46.352420, 6, pid=21600, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2151(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf.client-%I -> /etc/samba/smb.conf.client-10.88.5.102 last mod_time: Tue Apr 19 14:44:42 2016 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Apr 19 14:45:15 2016 [2016/04/19 15:04:46.352463, 3, pid=21600, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_negprot.c:213(smbd_smb2_request_process_negprot) Selected protocol SMB2_FF On Tue, Apr 19, 2016 at 3:01 PM, lingpanda101 at gmail.com < lingpanda101 at gmail.com> wrote:> On 4/19/2016 2:51 PM, Bill Baird wrote: > > *testparm -v | grep "client min protocol"* > client min protocol = CORE > > On Tue, Apr 19, 2016 at 2:50 PM, <lingpanda101 at gmail.com> > lingpanda101 at gmail.com <lingpanda101 at gmail.com> wrote: > >> On 4/19/2016 2:43 PM, Bill Baird wrote: >> >> I am accessing the new member server. All my other servers are still on >> 3.6.x. >> >> Both settings are set to "default". >> >> Will look at logs now. >> >> Thanks! >> >> >> >> On Tue, Apr 19, 2016 at 2:39 PM, lingpanda101 at gmail.com < >> lingpanda101 at gmail.com> wrote: >> >>> On 4/19/2016 2:08 PM, Bill Baird wrote: >>> >>>> Hi All, >>>> >>>> I just setup a new server and added it to my domain last week and it has >>>> been working well. We are running a NT4-style Samba PDC for our domain >>>> controller. This server is running the CentOS packages for Samba >>>> 4.2.10-6 >>>> as a domain member. My issue is that I have one Windows 7 workstation >>>> that >>>> will only auto-negotiate to the NT1 protocol. If I run smbstatus, all >>>> of my >>>> other workstations use SMB2_10, as expected. >>>> >>>> Has anyone seen this before? Is there a log file I can look at to >>>> determine >>>> what is going wrong in the protocol negotiation? >>>> >>>> Thanks! >>>> >>>> --Bill >>>> >>> You can enable client specific logging and see if it turns up anything. >>> >>> https://wiki.samba.org/index.php/Client_specific_logging >>> >>> Access a share and review the logs. >>> >>> Is this Windows 7 workstation accessing the new member server and >>> displaying NT1 or the old one? >>> >>> Can you run on both member servers and report? >>> >>> testparm -v |grep "client ipc max protocol" and testparm -v |grep >>> "client ipc min protocol" >>> >>> -- >>> -James >>> >>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: <https://lists.samba.org/mailman/options/samba> >>> https://lists.samba.org/mailman/options/samba >>> >> >> >> >> -- >> *Bill Baird* >> Chief Technology Officer >> Office: 845-876-8228 x311 >> Mobile: 203-545-0437 >> www.phoenixmi.com >> >> The man page for smb.conf reads for "client ipc min protocol" >> >> The value default refers to the higher value of NT1 and the >> effective value of client min protocol. >> >> What does testparm -v | grep "client min protocol" give? >> >> -- >> -James >> >> > > > -- > *Bill Baird* > Chief Technology Officer > Office: 845-876-8228 x311 > Mobile: 203-545-0437 > www.phoenixmi.com > > What does testparm -v | grep "client max protocol" give? it should be > 'default' which is SMB3_11. You can always force SMB2_10 > > -- > -James > >-- *Bill Baird* Chief Technology Officer Office: 845-876-8228 x311 Mobile: 203-545-0437 www.phoenixmi.com
lingpanda101 at gmail.com
2016-Apr-19 19:20 UTC
[Samba] Workstation Limited to NT1 Protocol
On 4/19/2016 3:11 PM, Bill Baird wrote:> [2016/04/19 15:04:46.352217, 10, pid=21600, effective(0, 0), real(0, > 0)] ../source3/smbd/smb2_server.c:3068(smbd_smb2_first_negprot) > smbd_smb2_first_negprot: packet length 102Everything looks OK on your MS. Since it's only one workstation I'm certain it's the issue. You want to look for this line in your logs. This is what you posted from your SMB2 connection. [2016/04/19 15:04:46.352217, 10, pid=21600, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:3068(smbd_smb2_first_negprot) smbd_smb2_first_negprot: packet length 102 Specifically this 'smbd_smb2_first_negprot'. The workstation should attempt SMB2 and fall back if it can't. Do you even see this process? You can also force SMB2 in the registry of the windows workstation if need be. I wouldn't advise it but it can be done. -- -James
When I search for "smb2", I get nothing in my log file for the NT1 limited system. If it is a workstation issue, that would be great. I'll search around for what settings to change. Maybe SMB2 was inadvertently disabled. Thanks for all of your help on this! On Tue, Apr 19, 2016 at 3:20 PM, lingpanda101 at gmail.com < lingpanda101 at gmail.com> wrote:> On 4/19/2016 3:11 PM, Bill Baird wrote: > >> [2016/04/19 15:04:46.352217, 10, pid=21600, effective(0, 0), real(0, 0)] >> ../source3/smbd/smb2_server.c:3068(smbd_smb2_first_negprot) >> smbd_smb2_first_negprot: packet length 102 >> > Everything looks OK on your MS. Since it's only one workstation I'm > certain it's the issue. You want to look for this line in your logs. This > is what you posted from your SMB2 connection. > > [2016/04/19 15:04:46.352217, 10, pid=21600, effective(0, 0), real(0, 0)] > ../source3/smbd/smb2_server.c:3068(smbd_smb2_first_negprot) > smbd_smb2_first_negprot: packet length 102 > > Specifically this 'smbd_smb2_first_negprot'. The workstation should > attempt SMB2 and fall back if it can't. Do you even see this process? > > You can also force SMB2 in the registry of the windows workstation if need > be. I wouldn't advise it but it can be done. > > > > > -- > -James > >-- *Bill Baird* Chief Technology Officer Office: 845-876-8228 x311 Mobile: 203-545-0437 www.phoenixmi.com