Web lists-archives.com

Re: [Samba] browsing problem with minimum protocol SMB2




Hello, 

> we're trying to remove SMB1 and below 
> protocols.
> 
> However when I do this, the browse list is gone.

The functionality around browse list depends on SMB1, so it 
can not work under SMB2.

-- 
TAKAHASHI Motonobu/高橋 基信 <monyo@xxxxxxxxx>

-----Original Message-----
From: Dirk Kleinhesselink via samba <samba@xxxxxxxxxxxxxxx>
Sent: Wed, 17 May 2017 16:42:05 -0700 (PDT)
To: samba@xxxxxxxxxxxxxxx
Cc: 
Subject: [Samba] browsing problem with minimum protocol SMB2

I have a classic NT4 domain with the PDC also the wins server.  With the 
recent ransomware problem, we're trying to remove SMB1 and below 
protocols.

However when I do this, the browse list is gone.  Hosts can access 
properly the shares, but they have to know exactly \\machine\share in
order to to connect.  The same thing from a linux client:

smbclient -L {PDC} -m SMB2

Domain=[{MYDOMAIN}] OS=[] Server=[]

 	Server               Comment
 	---------            -------

 	Workgroup            Master
 	---------            -------

I.E. there's no information - The Server and Workgroup lists are empty.  I 
can see information going into wins.dat and browse.dat, though.  If I set
the PDCs min protocols to NT1, I get:

smbclient -L {PDC}

Domain=[{MYDOMAIN}] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]

(list of hosts follows)

 	Workgroup            Master
 	---------            -------
 	{OTHER_GROUP}        {GROUP_MASTER}

(etc)

What I do to set the minimum in my smb.conf is:

    server min protocol = SMB2
    server max protocol = SMB3
    client min protocol = SMB2
    client max protocol = SMB3
    min protocol = SMB2
    max protocol = SMB3
    client ipc min protocol = SMB2

Changing the server, client and min protocols to NT1 will give the 
browselist from the smbclient command without the -m SMB2

Same thing for windows clients - if I disable SMB1, then they cannot 
browse the domain.

Is there a configuration setup that will do browsing with SMB1/NT1 
disabled ?  I'm running 4.3.11 on my PDC.

Thanks.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba