Moertenhumer Martin
2025-Mar-14 12:07 UTC
[Samba] 4.20: smb.conf include = %I.conf / server min protocol
Hello,

in the past I've used host-based configurations to allow older Windows XP machines to connect to recent servers (without reducing security for the entire network). Up until samba 4.19 this worked for me. Using 4.20 I'm facing the issue that "server min protocol = NT1" does not work when set in include=.../%I.conf. (setting server min protocol = NT1 in smb.conf's global section works).

Any insights/ideas are highly appreciated.

Kernel: 5.14.0-503.29.1.el9_5.x86_64
Red Hat Enterprise Linux release 9.5 (Plow)
Samba version: samba-4.20.2-2.el9_5.x86_64

smb.conf:

[global]
    allow insecure wide links = yes
    netbios aliases = somethingTEST somethingTEST
    acl allow execute always = True
    passdb backend = tdbsam
    wins support = true
    security = user
    server string = Samba Server Version %v
    log file = /var/log/samba/log.%m
    max log size = 50
    read raw = no
    map to guest = Bad Password
    cups options = raw
    follow symlinks = yes
    preferred master = yes
    load printers = yes
    guest account = liprod
    write raw = no
    os level = 20
    netbios name = something
    wide links = yes
    workgroup = ratherNOTtell
    include = /etc/samba/client_based_cfg/%I.conf

/etc/samba/client_based_cfg/10.2.10.4.conf:

[global]
    server min protocol = NT1
    map to guest = Bad Password
    ntlm auth = yes
    guest ok = yes
    log level = 3

Log (/var/log/samba/log.10.2.10.4)

[2025/03/14 12:50:31.095021, 2] ../../source3/param/loadparm.c:2901(lp_do_section)
  Processing section "[printers]"
[2025/03/14 12:50:31.095068, 2] ../../source3/param/loadparm.c:2901(lp_do_section)
  Processing section "[pcidos]"
[2025/03/14 12:50:31.095126, 2] ../../source3/param/loadparm.c:2901(lp_do_section)
  Processing section "[fab]"
[2025/03/14 12:50:31.095174, 2] ../../source3/param/loadparm.c:2901(lp_do_section)
  Processing section "[liident]"
[2025/03/14 12:50:31.095200, 2] ../../source3/param/loadparm.c:2901(lp_do_section)
  Processing section "[sw-tank]"
[2025/03/14 12:50:31.095228, 2] ../../source3/param/loadparm.c:2901(lp_do_section)
  Processing section "[labels]"
[2025/03/14 12:50:31.095253, 2] ../../source3/param/loadparm.c:2901(lp_do_section)
  Processing section "[bar]"
[2025/03/14 12:50:31.095278, 2] ../../source3/param/loadparm.c:2901(lp_do_section)
  Processing section "[benteler]"
[2025/03/14 12:50:31.095306, 2] ../../source3/param/loadparm.c:2901(lp_do_section)
  Processing section "[shape]"
[2025/03/14 12:50:31.095319, 2] ../../source3/param/loadparm.c:2901(lp_do_section)
  Processing section "[test]"
[2025/03/14 12:50:31.095341, 3] ../../source3/param/loadparm.c:1686(lp_add_ipc)
  adding IPC service
  added interface eth0 ip=10.2.10.1 bcast=10.2.10.255 netmask=255.255.255.0
[2025/03/14 12:50:31.095513, 3] ../../source3/smbd/smb2_negprot.c:1203(smb2_multi_protocol_reply_negprot)
  smb2_multi_protocol_reply_negprot: No protocol supported !
[2025/03/14 12:50:31.095627, 3] ../../source3/smbd/server_exit.c:229(exit_server_common)
  Server exit (no protocol supported )

Thanks,
Martin
Rowland Penny
2025-Mar-19 12:07 UTC
[Samba] 4.20: smb.conf include = %I.conf / server min protocol
On Fri, 14 Mar 2025 12:07:44 +0000
Moertenhumer Martin via samba <samba at lists.samba.org> wrote:

> Hello,
>
> in the past I've used host-based configurations to allow older
> Windows XP machines to connect to recent servers (without reducing
> security for the entire network). Up until samba 4.19 this worked for
> me. Using 4.20 I'm facing the issue that "server min protocol = NT1"
> does not work when set in include=.../%I.conf. (setting server min
> protocol = NT1 in smb.conf's global section works).
>
> Any insights/ideas are highly appreciated.
>

I recently found that the '%u' and '%U' variables do not return what you would expect. I have 'winbind use default domain = yes' set in smb.conf, so expect just the username for '%u' or '%U', but '%u' now returns '$NETBIOS_DOMAINusername' and '%U' returns 'username_$DNS_DOMAIN'.

I wonder if '%I' isn't returning the IP address correctly?

Rowland
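For keeping track of which clients the per-IP include files discussed in this thread exempt from the server's protocol and authentication defaults, the following is an added example, not code from either poster or from the Samba project. It audits constructed sample files named the way `/etc/samba/client_based_cfg/%I.conf` expands; the function names and the second client file are assumptions made for illustration.

```python
import re

# Constructed sample: file name -> contents, modelled on the per-client
# directory in the post (/etc/samba/client_based_cfg/<client-ip>.conf).
SAMPLE_OVERRIDES = {
    "10.2.10.4.conf": "[global]\nserver min protocol = NT1\n"
                      "map to guest = Bad Password\nntlm auth = yes\n"
                      "guest ok = yes\nlog level = 3\n",
    "10.2.10.7.conf": "[global]\n; constructed second client\n"
                      "Min Protocol = SMB2\n",
}

PRE_SMB2 = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
# smb.conf documents "min protocol" as a synonym of "server min protocol".
SYNONYMS = {"min protocol": "server min protocol"}

def parse_params(text):
    """Return {normalised parameter name: value} for one smb.conf fragment."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":   # blank, comment or section header
            continue
        name, sep, value = line.partition("=")
        if not sep:
            continue
        # Parameter names are case-insensitive; collapse runs of whitespace.
        name = re.sub(r"\s+", " ", name.strip().lower())
        params[SYNONYMS.get(name, name)] = value.strip()
    return params

def weakened_settings(params):
    """List the settings in one override that lower the security baseline."""
    findings = []
    proto = params.get("server min protocol", "").upper()
    if proto in PRE_SMB2:
        findings.append(f"server min protocol = {proto} (SMB1 dialects allowed)")
    if params.get("ntlm auth", "").lower() in {"yes", "ntlmv1-permitted"}:
        findings.append("ntlm auth permits NTLMv1")
    if params.get("guest ok", "").lower() in {"yes", "true", "1"}:
        findings.append("guest ok enabled as the default for every share")
    return findings

def audit(overrides):
    """Map client IP (file name minus .conf) -> list of weakened settings."""
    report = {}
    for fname, text in sorted(overrides.items()):
        found = weakened_settings(parse_params(text))
        if found:
            report[fname.removesuffix(".conf")] = found
    return report

if __name__ == "__main__":
    for ip, findings in audit(SAMPLE_OVERRIDES).items():
        print(ip, "->", "; ".join(findings))
```

The report only reflects what the override files say; whether smbd actually applies a given `%I` include at negotiation time is the open question in this thread.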