Web lists-archives.com

[Samba] browsing problem with minimum protocol SMB2





I have a classic NT4 domain with the PDC also the wins server. With the recent ransomware problem, we're trying to remove SMB1 and below protocols.

However when I do this, the browse list is gone. Hosts can access properly the shares, but they have to know exactly \\machine\share in
order to to connect.  The same thing from a linux client:

smbclient -L {PDC} -m SMB2

Domain=[{MYDOMAIN}] OS=[] Server=[]

	Server               Comment
	---------            -------

	Workgroup            Master
	---------            -------

I.E. there's no information - The Server and Workgroup lists are empty. I can see information going into wins.dat and browse.dat, though. If I set
the PDCs min protocols to NT1, I get:

smbclient -L {PDC}

Domain=[{MYDOMAIN}] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]

(list of hosts follows)

	Workgroup            Master
	---------            -------
	{OTHER_GROUP}        {GROUP_MASTER}

(etc)

What I do to set the minimum in my smb.conf is:

   server min protocol = SMB2
   server max protocol = SMB3
   client min protocol = SMB2
   client max protocol = SMB3
   min protocol = SMB2
   max protocol = SMB3
   client ipc min protocol = SMB2

Changing the server, client and min protocols to NT1 will give the browselist from the smbclient command without the -m SMB2

Same thing for windows clients - if I disable SMB1, then they cannot browse the domain.

Is there a configuration setup that will do browsing with SMB1/NT1 disabled ? I'm running 4.3.11 on my PDC.

Thanks.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba