Koozali.org: home of the SME Server

Windows 10 remove SMB 1 - SMBServer share no longer accessible

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Windows 10 remove SMB 1 - SMBServer share no longer accessible
« Reply #15 on: May 02, 2018, 07:13:17 PM »
>> service samba restart
service smb restart
thanks,
updated my comment

I have opened a bug: https://bugs.contribs.org/show_bug.cgi?id=10575

patch and build on their way

Offline piran

  • ****
  • 502
  • +0/-0
Re: Windows 10 remove SMB 1 - SMBServer share no longer accessible
« Reply #16 on: May 02, 2018, 07:30:20 PM »
My pleasure. Was hoping you could fix the eternal SME-to-MSW alleged connectivity.

Since SME7, SME8 and now SME9 my efforts here do not achieve this until W10 is put to SMBv1. Use of SMBv1 is not good any more. However I need my powerful (Windows) editor and so have to copy/paste snapshots on my desktop into PuTTY sessions.

W10 (1803) - gigabit intranet - SME 9.2 (server gateway)  - router - optical broadband

If you need me to test something on the Windows box just let me know.

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Windows 10 remove SMB 1 - SMBServer share no longer accessible
« Reply #17 on: May 02, 2018, 07:47:35 PM »
fix will be available to test and report in a few minutes /hours depending on your local mirror :

https://bugs.contribs.org/show_bug.cgi?id=10575
My pleasure. Was hoping you could fix the eternal SME-to-MSW alleged connectivity.

If you need me to test something on the Windows box just let me know.

you could indeed test what is discussed on ths thread by doing what I suggested to do to test the connectivity in the post you found the error.

or wait a bit more and test the new rpm 

Offline piran

  • ****
  • 502
  • +0/-0
Re: Windows 10 remove SMB 1 - SMBServer share no longer accessible
« Reply #18 on: May 02, 2018, 07:58:45 PM »
FWIW: the SMB Status contrib in the Server Manager panel
----
smbstatus
Samba version 3.6.23-46el6_9
PID Username Group Machine
-------------------------------------------------------------------
Service pid machine Connected at
-------------------------------------------------------
No locked files
SME Server server 9.2
Copyright 1999-2006 Mitel Networks Corporation, Copyright (C) 2014 Koozali Foundation, Inc..
All rights reserved.
----

When the yum/rpm arrives I will test it.

Right now I just ran your "min" code in bugzilla...

>>you can also test the new property
>>config setprop smb ServerMinProtocol SMB2
>>expand-template /etc/smb.conf
>>service smb restart

...(after restart I manually re-edited smb.conf so that it did not show "server max protocol" but just "max protocol"). Can't immediately see any improvement or added connectivity. The error line in the messages log is not being added so that is good at least. No further connectivity as yet. Will try some more.

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Windows 10 remove SMB 1 - SMBServer share no longer accessible
« Reply #19 on: May 02, 2018, 09:52:00 PM »
FWIW: the SMB Status contrib in the Server Manager panel
----
smbstatus
Samba version 3.6.23-46el6_9
PID Username Group Machine
-------------------------------------------------------------------
Service pid machine Connected at
-------------------------------------------------------
No locked files
SME Server server 9.2
Copyright 1999-2006 Mitel Networks Corporation, Copyright (C) 2014 Koozali Foundation, Inc..
All rights reserved.
----
not relevant

When the yum/rpm arrives I will test it.

Right now I just ran your "min" code in bugzilla...

>>you can also test the new property
>>config setprop smb ServerMinProtocol SMB2
>>expand-template /etc/smb.conf
>>service smb restart

...(after restart I manually re-edited smb.conf so that it did not show "server max protocol" but just "max protocol"). Can't immediately see any improvement or added connectivity. The error line in the messages log is not being added so that is good at least. No further connectivity as yet. Will try some more.

you need to restart samba after the edition.

then restart the windows machine

I would first give a try without the min protocol set.  The important one is the max protocol to enable SMB2 on the server. And be careful, as default max is NT1/SMB1/CIFS, setting the minimum to SMB2 without setting the max value to higher will lead to no available protocol or ignored setting (not tested).

Offline Brenno

  • ****
  • 208
  • +0/-0
Re: Windows 10 remove SMB 1 - SMBServer share no longer accessible
« Reply #20 on: May 04, 2018, 02:55:14 PM »
I installed the new e-smith-samba package via yum this morning and set the ServerMaxProtocol to SMB2.  I have restarted SMB services and rebooted the server.  I still cannot access shares from clients with SMB1 disabled - in fact, I now cannot access from clients with SMB1 enabled, either.

Offline bas60

  • **
  • 53
  • +0/-0
Re: Windows 10 remove SMB 1 - SMBServer share no longer accessible
« Reply #21 on: May 04, 2018, 03:01:36 PM »
oh...  :(

I have the SAME problem but with just 1 PC

May be somehow managed to ZAP my network configuration

Other Pc's can connect with SMB1 enabled!!

I'm going to try REMOVING network adaptor and RESET network
I've seen that option on Win 10 Pro but never used it...
just googling a bit first !



Offline piran

  • ****
  • 502
  • +0/-0
Re: Windows 10 remove SMB 1 - SMBServer share no longer accessible
« Reply #22 on: May 04, 2018, 03:02:34 PM »
I too have nothing much good to report.
Except the single message log line no longer appears.
Cannot get the alleged SME-MSW connectivity without SMBv1.
Have not even tried the now deprecated SMBv1 in W10.
SME9 still needs magic sauce.

Code: [Select]
[root@uma tmp]# smbclient -U user -L localhost
Enter user's password:
Anonymous login successful
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.23-46el6_9]

        Sharename       Type      Comment
        ---------       ----      -------
        print$          Disk      Printer drivers
        Primary         Disk      Primary i-bay
.........snip private i-bays.........
        IPC$            IPC       IPC Service (SME Server)
Anonymous login successful
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.23-46el6_9]

        Server               Comment
        ---------            -------
        KATE                 default MSW
        UMA                  SME Server

        Workgroup            Master
        ---------            -------
        WORKGROUP            UMA
[root@uma tmp]#



[root@uma tmp]# smbclient -U user -L KATE
Enter user's password:
protocol negotiation failed: NT_STATUS_CONNECTION_RESET
[root@uma tmp]#

PostEdit: appended some snapshot code stuff and JPG of MSW diag
« Last Edit: May 04, 2018, 03:44:10 PM by piran »

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Windows 10 remove SMB 1 - SMBServer share no longer accessible
« Reply #23 on: May 04, 2018, 03:48:13 PM »
I installed the new e-smith-samba package via yum this morning and set the ServerMaxProtocol to SMB2.  I have restarted SMB services and rebooted the server.  I still cannot access shares from clients with SMB1 disabled - in fact, I now cannot access from clients with SMB1 enabled, either.
what is the output of :
Code: [Select]
config show smb
if you set config setprop smb ServerMinProtocol SMB2; then having SMB1 not working is the intended behaviour.

What are the windows version trying to connect to the SME ?Do they have SMB2 enabled.

Offline piran

  • ****
  • 502
  • +0/-0
Re: Windows 10 remove SMB 1 - SMBServer share no longer accessible
« Reply #24 on: May 04, 2018, 03:53:41 PM »
Code: [Select]
[root@uma tmp]# config show smb
smb=service
    DeadTime=10080
    KeepVersions=disabled
    OpLocks=enabled
    OsLevel=35
    RecycleBin=disabled
    RoamingProfiles=no
    ServerMaxProtocol=SMB2
    ServerName=UMA
    ServerProtocol=SMB2
    ServerRole=PDC
    ShadowCount=10
    ShadowDir=/home/e-smith/files/.shadow
    UnixCharSet=UTF8
    UseClientDriver=yes
    Workgroup=WORKGROUP
    protocol=SMB2
    server=max
    status=enabled
[root@uma tmp]#

I tried the MIN but the setprop entered it with the server word in front. Was not sure whether that too needed stripping out or otherwise patching. You indicated MAX more important so left the MIN attempt out.

W10 1803

>>Do they have SMB2 enabled?
See below

Code: [Select]
Get-SmbServerConfiguration
AnnounceComment                 :
AnnounceServer                  : False
AsynchronousCredits             : 64
AuditSmb1Access                 : False
AutoDisconnectTimeout           : 15
AutoShareServer                 : True
AutoShareWorkstation            : True
CachedOpenLimit                 : 10
DurableHandleV2TimeoutInSeconds : 180
EnableAuthenticateUserSharing   : False
EnableDownlevelTimewarp         : False
EnableForcedLogoff              : True
EnableLeasing                   : True
EnableMultiChannel              : True
EnableOplocks                   : True
EnableSecuritySignature         : False
EnableSMB1Protocol              : False
EnableSMB2Protocol              : True
EnableStrictNameChecking        : True
EncryptData                     : False
IrpStackSize                    : 15
KeepAliveTime                   : 2
MaxChannelPerSession            : 32
MaxMpxCount                     : 50
MaxSessionPerConnection         : 16384
MaxThreadsPerQueue              : 20
MaxWorkItems                    : 1
NullSessionPipes                :
NullSessionShares               :
OplockBreakWait                 : 35
PendingClientTimeoutInSeconds   : 120
RejectUnencryptedAccess         : True
RequireSecuritySignature        : False
ServerHidden                    : True
Smb2CreditsMax                  : 2048
Smb2CreditsMin                  : 128
SmbServerNameHardeningLevel     : 0
TreatHostAsStableStorage        : False
ValidateAliasNotCircular        : True
ValidateShareScope              : True
ValidateShareScopeNotAliased    : True
ValidateTargetName              : True
« Last Edit: May 04, 2018, 03:58:18 PM by piran »

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Windows 10 remove SMB 1 - SMBServer share no longer accessible
« Reply #25 on: May 04, 2018, 04:24:24 PM »
according to this thread : http://samba.2283325.n4.nabble.com/Can-t-join-Win10-to-Samba-3-6-23-td4722058.html

seems like to allow support of samba v2 with windows 10 you need to have samba4 in NT4 mode.

also if you want to be able to see windows 7 , and avoid issues with protocol negotiation need to disable SMB3 on the samba server.
 
so from that perspective, you are stuck with keeping SMB1enable and use the current reg patch on your windows client as usual.


a way would be to try to integrate the samba4 rpm available in centOS in SME9.

This will need some work and modification of a few core packages.

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: Windows 10 remove SMB 1 - SMBServer share no longer accessible
« Reply #26 on: May 04, 2018, 04:24:54 PM »
Quote
W10 1803

so you're doing some beta testing here :-D

Offline piran

  • ****
  • 502
  • +0/-0
Re: Windows 10 remove SMB 1 - SMBServer share no longer accessible
« Reply #27 on: May 04, 2018, 04:32:03 PM »
@JPP - Understood. Will await further whenever.

@Stefano - 1803 arrived completely automatically - just happened (honestly). Not forgetting that this (SME-to-MSW alleged connectivity WITHOUT SMBv1) hasn't worked for me ever - going back to at least SME7 if not before - memory blurred back then. Cheers.

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com

Offline piran

  • ****
  • 502
  • +0/-0
Re: Windows 10 remove SMB 1 - SMBServer share no longer accessible
« Reply #29 on: May 04, 2018, 04:56:37 PM »
Noted.

While updating/upgrading is in the air...
"SMB Direct" looks interesting :: SMB3.0 (previously SMB2.2 apparently).
The Windows 10 features/options table already has an opt-in
slot for it so it's no trouble at the MSW end of the negotiations.