I did not set max protocol to SMB2 in smb.cnf, I don't want to force SMB2 selection if SMB3 can be used by a client. The machine is a Windows 7, so is SMB2 compliant. Le 22/07/2019 ? 11:44, Gaiseric Vandal via samba a ?crit?:> I would guess that changing the min protocol does not affect existing > connections unless you were to restart samba. > > Is the max protocol set to at least SMB2 ?????? I would have thought > that Windows 7 and later would negotiate the highest mutually > acceptable protocol. > > > On 7/22/19 10:40 AM, Edouard Guign? via samba wrote: >> Hello, >> >> I set client min protocol = SMB2 in my smb.cnf >> >> But I see some clients still connecting in NT1 (smbstatus) : >> >> smbstatus -p Mon Jul 22 11:39:36 2019 >> Samba version 4.8.3 >> PID???? Username???? Group Machine?????????????????????????????????? >> Protocol Version Encryption?????????? Signing >> ---------------------------------------------------------------------------------------------------------------------------------------- >> >> >> 20953?? exuser ??? utilisateurs du domaine 10.x.x.x >> (ipv4:10.x.x.x:61487)????????? NT1 -??????????????????? HMAC-MD5 >> >> >> Why is it still possible ? >> >> EdG >> >> > >
Does "testparm -v" show the max protocol as SMB3 ?? I am not sure what the defaults are if you don't explicitly set the parameter. If you reboot once of the clients will it reconnect with SMB2 ? On 7/22/19 10:51 AM, Edouard Guign? via samba wrote:> I did not set max protocol to SMB2 in smb.cnf, I don't want to force > SMB2 selection if SMB3 can be used by a client. > > The machine is a Windows 7, so is SMB2 compliant. > > > Le 22/07/2019 ? 11:44, Gaiseric Vandal via samba a ?crit?: >> I would guess that changing the min protocol does not affect existing >> connections unless you were to restart samba. >> >> Is the max protocol set to at least SMB2 ?????? I would have thought >> that Windows 7 and later would negotiate the highest mutually >> acceptable protocol. >> >> >> On 7/22/19 10:40 AM, Edouard Guign? via samba wrote: >>> Hello, >>> >>> I set client min protocol = SMB2 in my smb.cnf >>> >>> But I see some clients still connecting in NT1 (smbstatus) : >>> >>> smbstatus -p Mon Jul 22 11:39:36 2019 >>> Samba version 4.8.3 >>> PID???? Username???? Group Machine?????????????????????????????????? >>> Protocol Version Encryption?????????? Signing >>> ---------------------------------------------------------------------------------------------------------------------------------------- >>> >>> >>> 20953?? exuser ??? utilisateurs du domaine 10.x.x.x >>> (ipv4:10.x.x.x:61487)????????? NT1 - HMAC-MD5 >>> >>> >>> Why is it still possible ? >>> >>> EdG >>> >>> >> >> >
On 22/07/2019 15:51, Edouard Guign? via samba wrote:> I did not set max protocol to SMB2 in smb.cnf, I don't want to force > SMB2 selection if SMB3 can be used by a client. > > The machine is a Windows 7, so is SMB2 compliant. >If the Win 7 machine is connecting to a share on a Unix domain member, it is connecting to a 'server' not a 'client' So, set 'server min protocol = SMB2_02' as well Rowland
as far as i know setting client min protocol = SMB2 affects client on samba host (ie smbclient) you should set min protocol = SMB2 to force windows clients to connect with minimum smb2 on your smbd server Le 22/07/2019 ? 16:51, Edouard Guign? via samba a ?crit?:> I did not set max protocol to SMB2 in smb.cnf, I don't want to force > SMB2 selection if SMB3 can be used by a client. > > The machine is a Windows 7, so is SMB2 compliant. > > > Le 22/07/2019 ? 11:44, Gaiseric Vandal via samba a ?crit?: >> I would guess that changing the min protocol does not affect existing >> connections unless you were to restart samba. >> >> Is the max protocol set to at least SMB2 ?????? I would have thought >> that Windows 7 and later would negotiate the highest mutually >> acceptable protocol. >> >> >> On 7/22/19 10:40 AM, Edouard Guign? via samba wrote: >>> Hello, >>> >>> I set client min protocol = SMB2 in my smb.cnf >>> >>> But I see some clients still connecting in NT1 (smbstatus) : >>> >>> smbstatus -p Mon Jul 22 11:39:36 2019 >>> Samba version 4.8.3 >>> PID???? Username???? Group Machine?????????????????????????????????? >>> Protocol Version Encryption?????????? Signing >>> ---------------------------------------------------------------------------------------------------------------------------------------- >>> >>> >>> 20953?? exuser ??? utilisateurs du domaine 10.x.x.x >>> (ipv4:10.x.x.x:61487)????????? NT1 - HMAC-MD5 >>> >>> >>> Why is it still possible ? >>> >>> EdG >>> >>> >> >> >-- Arnaud FLORENT IRIS Technologies
On 7/22/19 10:57 AM, Rowland penny via samba wrote:> On 22/07/2019 15:51, Edouard Guign? via samba wrote: >> I did not set max protocol to SMB2 in smb.cnf, I don't want to force >> SMB2 selection if SMB3 can be used by a client. >> >> The machine is a Windows 7, so is SMB2 compliant. >> > If the Win 7 machine is connecting to a share on a Unix domain member, > it is connecting to a 'server' not a 'client' > > So, set 'server min protocol = SMB2_02' as well > > Rowland > > >I believe "min protocol" is the same as "server min protocol."
Hello, Thank you ! I add server min protocol = SMB2_02 to smb.cnf All clients are now using SMB2_10 as minimum protocol version May you indicate me the difference between "client min protocol" and "server min protocol" ? "server min protocol" is to use on a domain member "client min protocol" is to use in which case ? Should I also set client min protocol = SMB2 to SMB2_02 ? EdG Le 22/07/2019 ? 11:57, Rowland penny via samba a ?crit?:> On 22/07/2019 15:51, Edouard Guign? via samba wrote: >> I did not set max protocol to SMB2 in smb.cnf, I don't want to force >> SMB2 selection if SMB3 can be used by a client. >> >> The machine is a Windows 7, so is SMB2 compliant. >> > If the Win 7 machine is connecting to a share on a Unix domain member, > it is connecting to a 'server' not a 'client' > > So, set 'server min protocol = SMB2_02' as well > > Rowland > > >