Dirk Kleinhesselink
2017-May-17 23:42 UTC
[Samba] browsing problem with minimum protocol SMB2
I have a classic NT4 domain with the PDC also the wins server. With the
recent ransomware problem, we're trying to remove SMB1 and below
protocols.
However when I do this, the browse list is gone. Hosts can access
properly the shares, but they have to know exactly \\machine\share in
order to to connect. The same thing from a linux client:
smbclient -L {PDC} -m SMB2
Domain=[{MYDOMAIN}] OS=[] Server=[]
Server Comment
--------- -------
Workgroup Master
--------- -------
I.E. there's no information - The Server and Workgroup lists are empty. I
can see information going into wins.dat and browse.dat, though. If I set
the PDCs min protocols to NT1, I get:
smbclient -L {PDC}
Domain=[{MYDOMAIN}] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]
(list of hosts follows)
Workgroup Master
--------- -------
{OTHER_GROUP} {GROUP_MASTER}
(etc)
What I do to set the minimum in my smb.conf is:
server min protocol = SMB2
server max protocol = SMB3
client min protocol = SMB2
client max protocol = SMB3
min protocol = SMB2
max protocol = SMB3
client ipc min protocol = SMB2
Changing the server, client and min protocols to NT1 will give the
browselist from the smbclient command without the -m SMB2
Same thing for windows clients - if I disable SMB1, then they cannot
browse the domain.
Is there a configuration setup that will do browsing with SMB1/NT1
disabled ? I'm running 4.3.11 on my PDC.
Thanks.
TAKAHASHI Motonobu/高橋 基信
2017-May-20 00:49 UTC
[Samba] browsing problem with minimum protocol SMB2
Hello,> we're trying to remove SMB1 and below > protocols. > > However when I do this, the browse list is gone.The functionality around browse list depends on SMB1, so it can not work under SMB2. -- TAKAHASHI Motonobu/高橋 基信 <monyo at monyo.com> -----Original Message----- From: Dirk Kleinhesselink via samba <samba at lists.samba.org> Sent: Wed, 17 May 2017 16:42:05 -0700 (PDT) To: samba at lists.samba.org Cc: Subject: [Samba] browsing problem with minimum protocol SMB2 I have a classic NT4 domain with the PDC also the wins server. With the recent ransomware problem, we're trying to remove SMB1 and below protocols. However when I do this, the browse list is gone. Hosts can access properly the shares, but they have to know exactly \\machine\share in order to to connect. The same thing from a linux client: smbclient -L {PDC} -m SMB2 Domain=[{MYDOMAIN}] OS=[] Server=[] Server Comment --------- ------- Workgroup Master --------- ------- I.E. there's no information - The Server and Workgroup lists are empty. I can see information going into wins.dat and browse.dat, though. If I set the PDCs min protocols to NT1, I get: smbclient -L {PDC} Domain=[{MYDOMAIN}] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu] (list of hosts follows) Workgroup Master --------- ------- {OTHER_GROUP} {GROUP_MASTER} (etc) What I do to set the minimum in my smb.conf is: server min protocol = SMB2 server max protocol = SMB3 client min protocol = SMB2 client max protocol = SMB3 min protocol = SMB2 max protocol = SMB3 client ipc min protocol = SMB2 Changing the server, client and min protocols to NT1 will give the browselist from the smbclient command without the -m SMB2 Same thing for windows clients - if I disable SMB1, then they cannot browse the domain. Is there a configuration setup that will do browsing with SMB1/NT1 disabled ? I'm running 4.3.11 on my PDC. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba