On Fri, 18 Oct 2024 09:14:01 +0200 Gilles via samba <samba at lists.samba.org> wrote:> On 17/10/2024 19:19, Rowland Penny via samba wrote: > > Your Samba server isn't using NTLMv1 (aka SMBv1), but it appears > > the > client is. > > Odd. I disabled it after installing Windows10. Following MS > instructions > <https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server>, > here's what the PowerShell command says: ==============> PS C:\WINDOWS\system32> Get-WindowsOptionalFeature -Online > -FeatureName SMB1Protocol > > FeatureName????? : SMB1Protocol > DisplayName????? : SMB 1.0/CIFS File Sharing Support > Description????? : Support for the SMB 1.0/CIFS file sharing > protocol, and the Computer Browser protocol. > RestartRequired? : Possible > State??????????? : Disabled > CustomProperties : > ?????????????????? ServerComponent\Description : Support for the SMB > 1.0/CIFS file sharing protocol, and the Computer > ?????????????????? Browser protocol. > ?????????????????? ServerComponent\DisplayName : SMB 1.0/CIFS File > Sharing Support > ?????????????????? ServerComponent\Id : 487 > ?????????????????? ServerComponent\Type : Feature > ?????????????????? ServerComponent\UniqueName : FS-SMB1 > ?????????????????? ServerComponent\Deploys\Update\Name : SMB1Protocol > ==============> > The relevant item is also unchecked in Control Panel: > https://postimg.cc/TpzL7jBZ > > > You still appear to be using parameters that were removed a long > > time > ago. > > Possible, since stuff on the Internet doesn't always say what version > it applies to. Is there a recommended book for Samba 4 or a tool that > scans an smb.conf and makes recommendations? > > Here's my smb.conf: > ==============> [global] > workgroup = WORKGROUP > netbios name = DEBIAN > > security = user > map to guest = Bad User > ;map to guest = Bad Password > ;www-data used by Nginx > guest account = www-data > > hosts allow = 127.0.0.1 192.168.0.0/24 > hosts deny = 0.0.0.0/0 > > bind interfaces only = yes > interfaces = 192.168.0.15/255.255.255.0 127.0.0.1/255.255.255.255 > > log level = 2 > > disable netbios = yes > > ;this avoids needless errors in the logs if you have no printer > printcap name = /dev/null > load printers = no > printing = bsd > > [www] > path = /usr/share/nginx > ;comment = No need for Unix/Samba passwords > guest ok = yes > writeable=yes > browseable=yes > force create mode = 0644 > create mask = 0664 > security mask = 0664 > force security mode = 0664 > > [sdcard] > path = /mnt/sdcard > ;comment = No need for Unix/Samba passwords > guest ok = yes > writeable=yes > browseable=yes > force create mode = 0644 > create mask = 0664 > ==============I agree this is very strange, you have (even though not visible because they are the defaults) these lines in your smb.conf: client min protocol = SMB2_02 server min protocol = SMB2_02 You have also now added: disable netbios = yes So, you shouldn't be using SMBv1 (aka NTLMv1) and it shouldn't be possible to use it, but something seems to be trying to. You have these in the log fragments you posted earlier: 19:02:13.470182 CEST] with [NTLMv1] status [NT_STATUS_NO_SUCH_USER] "passwordType": "NTLMv1" Try turning up the logging, it may help in identifying where these logon attempts are coming from. Rowland
On 18/10/2024 10:51, Rowland Penny via samba wrote:> I agree this is very strange, you have (even though not visible because > they are the defaults) these lines in your smb.conf: > > client min protocol = SMB2_02 > server min protocol = SMB2_02 > > You have also now added: > > disable netbios = yes > > So, you shouldn't be using SMBv1 (aka NTLMv1) and it shouldn't be > possible to use it, but something seems to be trying to. You have these > in the log fragments you posted earlier: > > 19:02:13.470182 CEST] with [NTLMv1] status [NT_STATUS_NO_SUCH_USER] > > "passwordType": "NTLMv1" > > Try turning up the logging, it may help in identifying where these > logon attempts are coming from.1. I added those two lines in Global, reloaded the file: Still slow client min protocol = SMB2_02 server min protocol = SMB2_02 smbcontrol smbd reload-config tail -f /var/log/samba/log.smbd 2. Edited smb.conf to increase its "log level" to 3 (per www.oreilly.com/openbook/samba/book/ch04_08.html), reloaded: smbcontrol smbd reload-config tail -f /var/log/samba/log.smbd Here's what it says when I double-click on the Samba host in Windows' Network: [2024/10/18 11:30:34.101979,? 3] ../../lib/util/access.c:372(allow_access) ? Allowed connection from 192.168.0.17 (192.168.0.17) [2024/10/18 11:30:34.103350,? 3] ../../source3/smbd/smb2_service.c:610(make_connection_snum) ? make_connection_snum: Connect path is '/tmp' for service [IPC$] [2024/10/18 11:30:34.104403,? 3] ../../source3/smbd/vfs.c:115(vfs_init_default) ? Initialising default vfs hooks [2024/10/18 11:30:34.105484,? 3] ../../source3/smbd/vfs.c:141(vfs_init_custom) ? Initialising custom vfs hooks from [/[Default VFS]/] [2024/10/18 11:30:34.106969,? 3] ../../source3/smbd/smb2_service.c:840(make_connection_snum) ? mini-lenovo (ipv4:192.168.0.17:57960) connect to service IPC$ initially as user www-data (uid=33, gid=33) (pid 7345)