Web lists-archives.com

[Samba] SMB3.11 and receiving NT_STATUS_SMB_BAD_CLUSTER_DIALECT




We have the situation where we are trying to send to a server that has a cluster configuration. When we negotiate, it tells us to talk 3.11. When we actually try to send the file, the share's max protocol is actually only 3.02 and so the Microsoft server sends a NT_STATUS_SMB_BAD_CLUSTER_DIALECT, which means they expect the client to reconnect negotiating only 3.02 as max protocol. Looking through the samba source code, up to 4.9.3, I don't really see any support for this capability. Here's some of Microsoft's documentation:

3.3.5.7 Receiving an SMB2 TREE_CONNECT Request

When the server receives a request with an SMB2 header with a Command value equal to SMB2 TREE_CONNECT, message handling proceeds as follows:
The server MUST locate the authenticated session, as specified in section 3.3.5.2.9.
If Connection.Dialect is "3.1.1" and Session.IsAnonymous and Session.IsGuest are set to FALSE and the request is not signed or not encrypted, then the server MUST disconnect the connection.
The server MUST parse the Unicode string in the Buffer field, specified by PathOffset and PathLength fields, to extract the hostname and sharename components, as specified in [MS-DTYP] section 2.2.49. If the Buffer field is not in the format specified in section 2.2.9, the server MUST fail the request with STATUS_INVALID_PARAMETER. Otherwise, the server MUST provide the tuple <hostname, sharename> parsed from the request message to invoke the event specified in [MS-SRVS] section 3.1.6.8, to normalize the hostname by resolving server aliases and evaluating share scope. The server MUST use <normalized hostname, sharename> to look up the Share in ShareList. If no share with a matching share name and server name is found, the server MUST fail the request with STATUS_BAD_NETWORK_NAME. If a share is found, the server MUST do the following:
If Share.Type includes STYPE_CLUSTER_FS, STYPE_CLUSTER_SOFS, or STYPE_CLUSTER_DFS and Connection.Dialect is greater than MaxClusterDialect and SMB2_TREE_CONNECT_FLAG_CLUSTER_RECONNECT is not set in Flags/Reserved field, the server MUST fail the request with STATUS_SMB_BAD_CLUSTER_DIALECT (0xC05D0001) and if Connection.Dialect is SMB 3.1.1, the server MUST return error data as specified in section 2.2.2 with ByteCount set to 10, ErrorContextCount set to 1, and ErrorData set to SMB2 ERROR Context response formatted as ErrorDataLength set to 2, ErrorId set to 0, and ErrorData set to MaxClusterDialect; otherwise, the server MUST return error data as specified in section 2.2.2 with ByteCount set to 2 and ErrorContextData set to MaxClusterDialect.

Is this something that the samba code should support ? Should there be something in the configuration that says we do or don't support it ?  In other Microsoft documentation I see:

3.3.5.7 Receiving an SMB2 TREE_CONNECT Request
When the server receives a request with an SMB2 header with a Command value equal to SMB2
TREE_CONNECT, message handling proceeds as follows:
The server MUST locate the authenticated session, as specified in section 3.3.5.2.9.
If Connection.Dialect is "3.1.1" and Session.IsAnonymous and Session.IsGuest are set to FALSE
and the request is not signed or not encrypted, then the server MUST disconnect the connection.
280 / 441
[MS-SMB2] - v20171201
Server Message Block (SMB) Protocol Versions 2 and 3
Copyright (c) 2017 Microsoft Corporation
Release: December 1, 2017
The server MUST parse the Unicode string in the Buffer field, specified by PathOffset and
PathLength fields, to extract the hostname and sharename components, as specified in [MS-DTYP]
section 2.2.49. If the Buffer field is not in the format specified in section 2.2.9, the server MUST fail
the request with STATUS_INVALID_PARAMETER. Otherwise, the server MUST provide the tuple
<hostname, sharename> parsed from the request message to invoke the event specified in [MSSRVS]
section 3.1.6.8, to normalize the hostname by resolving server aliases and evaluating share
scope. The server MUST use <normalized hostname, sharename> to look up the Share in
ShareList. If no share with a matching share name and server name is found, the server MUST fail
the request with STATUS_BAD_NETWORK_NAME. If a share is found, the server MUST do the
following:
If Share.Type includes STYPE_CLUSTER_FS, STYPE_CLUSTER_SOFS, or STYPE_CLUSTER_DFS and
Connection.Dialect is greater than MaxClusterDialect and
SMB2_TREE_CONNECT_FLAG_CLUSTER_RECONNECT is not set in Flags/Reserved field, the server
MUST fail the request with STATUS_SMB_BAD_CLUSTER_DIALECT (0xC05D0001) and if
Connection.Dialect is SMB 3.1.1, the server MUST return error data as specified in section 2.2.2 with
ByteCount set to 10, ErrorContextCount set to 1, and ErrorData set to SMB2 ERROR Context
response formatted as ErrorDataLength set to 2, ErrorId set to 0, and ErrorData set to
MaxClusterDialect; otherwise, the server MUST return error data as specified in section 2.2.2 with
ByteCount set to 2 and ErrorContextData set to MaxClusterDialect.

We want to make sure it's not a configuration item we can set when we build the smbclient. Right now we are building 4.7.5 as our latest version.

Regards,
Mike T

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba