Jeremy,
I've done some packet analysis between my two windows hosts, connecting via
SMB and I am seeing basically the same behavior when connecting to Samba but my
Get-SmbMultichannelConnection powershell command actually returns a result
stating multichannel is enabled.
Here are two S3 object URLs for that two packet captures (both links will expire
in 3 hours)
*
Windows to
Samba<https://csheehan-samba-troubleshooting-bucket.s3.us-east-1.amazonaws.com/client-to-samba-capture.pcapng?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEMX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQCPLor81XLANRtMNdpxlHiBkhYjmOegrWekxWRcubUP1QIhALsWjgKbeoydM17bBlIKRZf1XZxUN6s9jktnzLxsEKXIKvgDCE4QABoMODQ0MDY4NDE0NzU2IgwF735tbcew8Syax5cq1QOGqHQADMnTpxkgaFeTuyPtgsc9PRCCxTmXy5iVAWBEfaTEdJKeekq1skObVNXvGn%2BYE%2BQ5aE%2BILRU7FEjHTaHwoSuvryX7MyEz%2FDzZWVIpje2WBm7ofzacPRMGYgwpQ6F2psLIkpcEpeHSebV0Tt6Yi8a7%2BrIZtPKx8iSRXMx0yKXEr7IWxh%2FYOinAeOIfrg7SgQHpslIq12aAYTp2pIz3HCGFeavSLOnAA%2FCxSCb5yAhRipOiWoln0qv1gxy6eFvOASs6iIx9EHpdrq2%2FJCtGMLldYSI75%2ByzPJxzSNXBsaqK2ENW%2BzPHuW01klmufYV%2Fnihlo6wVyFfg%2Fpifd6B8DWlT49q9OnAwO8N0H7WRvicCIjyhl243l27nwH6NN3%2FsWRu2XbmVqBJ5Knj3dwi%2BnKzG6FjyZ7swojRB0ay488X58edldKAS%2B1anQQsdPFWOAvsaJyfKZbp1RwLX%2BFy8XIKYKx4fzh%2BfeJqlwDdVh4iwTkfBHSpoJ4jJsVuNEMKOFH0IgirF7LC2NMBO0ZykvCvQBXlC4iBAch5afdwItHVP%2B1cfKjKwOpD0A2zXNwkgupquR2AJFxvuYqpgKZnWXSkqwCwM5EnMBbAwlf6VFZVyYSVbMJXHhZ8GOpMCuvh2pM7vng7tloBj26sb7OCV2ijgvPOk0h7mxyZY6hdTAfUVAtJRttKIL6qL9mVfYW7tGTGXHwfvS2O7r3iwYjTflp8JAFtO%2Bkim%2B0an9DWAPqofqqGwlj1%2FEpdJxIXG3YstR9twcliM16kykELZt%2BUL6iRWAm5czTNj3Qt8OA37i3pExnZkPmaMbQ3%2FA1vGdYvi0vHOPXxRftLFk8EmbDQgmbgTMNv2OlHZEkZNWfxy%2BWEhodSYwcy5UG0I4cObWLQF9e2boN7fMCTTTY1hS0U%2F7SzStfl0Spn0yA33DBZlPBhvCcEnXmKzt67pokM42k2jMA54WdmBHni80GkQ7ULqL4Dg8SRVCN3dv%2Biu9pAtkY4%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20230206T212247Z&X-Amz-SignedHeaders=host&X-Amz-Expires=10800&X-Amz-Credential=ASIA4JBTF4USPJPXYIM3%2F20230206%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=59c345cada6e519b81ff0e69607515a86dcbb68f41db09acfa358dcb93e8c63f>
*
Windows to
Windows<https://csheehan-samba-troubleshooting-bucket.s3.us-east-1.amazonaws.com/windows-to-windows-capture.pcapng?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEMX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQCPLor81XLANRtMNdpxlHiBkhYjmOegrWekxWRcubUP1QIhALsWjgKbeoydM17bBlIKRZf1XZxUN6s9jktnzLxsEKXIKvgDCE4QABoMODQ0MDY4NDE0NzU2IgwF735tbcew8Syax5cq1QOGqHQADMnTpxkgaFeTuyPtgsc9PRCCxTmXy5iVAWBEfaTEdJKeekq1skObVNXvGn%2BYE%2BQ5aE%2BILRU7FEjHTaHwoSuvryX7MyEz%2FDzZWVIpje2WBm7ofzacPRMGYgwpQ6F2psLIkpcEpeHSebV0Tt6Yi8a7%2BrIZtPKx8iSRXMx0yKXEr7IWxh%2FYOinAeOIfrg7SgQHpslIq12aAYTp2pIz3HCGFeavSLOnAA%2FCxSCb5yAhRipOiWoln0qv1gxy6eFvOASs6iIx9EHpdrq2%2FJCtGMLldYSI75%2ByzPJxzSNXBsaqK2ENW%2BzPHuW01klmufYV%2Fnihlo6wVyFfg%2Fpifd6B8DWlT49q9OnAwO8N0H7WRvicCIjyhl243l27nwH6NN3%2FsWRu2XbmVqBJ5Knj3dwi%2BnKzG6FjyZ7swojRB0ay488X58edldKAS%2B1anQQsdPFWOAvsaJyfKZbp1RwLX%2BFy8XIKYKx4fzh%2BfeJqlwDdVh4iwTkfBHSpoJ4jJsVuNEMKOFH0IgirF7LC2NMBO0ZykvCvQBXlC4iBAch5afdwItHVP%2B1cfKjKwOpD0A2zXNwkgupquR2AJFxvuYqpgKZnWXSkqwCwM5EnMBbAwlf6VFZVyYSVbMJXHhZ8GOpMCuvh2pM7vng7tloBj26sb7OCV2ijgvPOk0h7mxyZY6hdTAfUVAtJRttKIL6qL9mVfYW7tGTGXHwfvS2O7r3iwYjTflp8JAFtO%2Bkim%2B0an9DWAPqofqqGwlj1%2FEpdJxIXG3YstR9twcliM16kykELZt%2BUL6iRWAm5czTNj3Qt8OA37i3pExnZkPmaMbQ3%2FA1vGdYvi0vHOPXxRftLFk8EmbDQgmbgTMNv2OlHZEkZNWfxy%2BWEhodSYwcy5UG0I4cObWLQF9e2boN7fMCTTTY1hS0U%2F7SzStfl0Spn0yA33DBZlPBhvCcEnXmKzt67pokM42k2jMA54WdmBHni80GkQ7ULqL4Dg8SRVCN3dv%2Biu9pAtkY4%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20230206T212311Z&X-Amz-SignedHeaders=host&X-Amz-Expires=10800&X-Amz-Credential=ASIA4JBTF4USPJPXYIM3%2F20230206%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=773cee62094fcbbb35a2496c395ac165b0cf26e1e21961e2f652f361bbab1579>
Carter Sheehan
Cloud Engineer
d: +1 (781) 224-7753
e: csheehan at vestmark.com
This e-mail and any attachments hereto, are intended for use by the addressee(s)
only and may contain information that is confidential information of Vestmark,
Inc. If you are not the intended recipient of this e-mail, or if you have
otherwise received
this e-mail in error, please immediately notify me by telephone or by e-mail,
and please permanently delete the original, any print outs and any copies of the
foregoing. Any dissemination, distribution or copying of this e-mail is strictly
prohibited.
________________________________
From: samba <samba-bounces at lists.samba.org> on behalf of Carter Sheehan
via samba <samba at lists.samba.org>
Sent: Monday, February 6, 2023 3:31 PM
To: Jeremy Allison <jra at samba.org>
Cc: samba at lists.samba.org <samba at lists.samba.org>
Subject: Re: [Samba] SMB Multichannel not working?
Jeremy,
That's what is so vexxing about this, the SMB client in Windows Server 2019
has SMBv1 disabled by default. Using the articles you provided, I can confirm
that SMBv1 is not enabled for the SMB server/client.
Carter Sheehan
Cloud Engineer
d: +1 (781) 224-7753
e: csheehan at vestmark.com
This e-mail and any attachments hereto, are intended for use by the addressee(s)
only and may contain information that is confidential information of Vestmark,
Inc. If you are not the intended recipient of this e-mail, or if you have
otherwise received
this e-mail in error, please immediately notify me by telephone or by e-mail,
and please permanently delete the original, any print outs and any copies of the
foregoing. Any dissemination, distribution or copying of this e-mail is strictly
prohibited.
________________________________
From: Jeremy Allison <jra at samba.org>
Sent: Monday, February 6, 2023 2:17 PM
To: Carter Sheehan <csheehan at vestmark.com>
Cc: samba at lists.samba.org <samba at lists.samba.org>
Subject: Re: [Samba] SMB Multichannel not working?
External Email
This email was NOT sent from someone at Vestmark
On Sun, Feb 05, 2023 at 09:11:41PM +0000, Carter Sheehan
wrote:> Jeremy,
> I am clearing the contents of the packet capture with my security team and
> I'll have it available to you some time tomorrow.
> Regarding protocol negotiation, I have tried using some of the available
> server/client min/max protocol config options for smb.conf hoping it would
> "force" the use of SMB3+ but I still see the same SMB/SMBv2
packets in a
> wireshark capture and both the client and server display the connection as
> using dialect 3_11, so that doesn't seem to have any impact whatsoever
for
> me.
This is a clients feature I think, not controllable on the server-side.
When connecting to an unknown server a Windows client tries the SMB1->SMB2+
upgrade.
Just remove SMB1 from this client.
https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server<https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server><https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server<https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server>>
https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server#how-to-remove-smbv1-via-powershell<https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server#how-to-remove-smbv1-via-powershell><https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server#how-to-remove-smbv1-via-powershell<https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server#how-to-remove-smbv1-via-powershell>>
--
To unsubscribe from this list go to the following URL and read the
instructions:
https://lists.samba.org/mailman/options/samba<https://lists.samba.org/mailman/options/samba>