Help with Samba36 and Windows 10

I setup samba36-server version 3.6.25 on my router
I can connect to it using a linux machine and running smbclient //10.0.0.1/Share,
but windows tells me its still using the SMB1 protocol.

Heres my config template:

[global]
	netbios name = |NAME| 
	display charset = |CHARSET|
	interfaces = |INTERFACES|
	server string = |DESCRIPTION|
	unix charset = |CHARSET|
	workgroup = |WORKGROUP|
	bind interfaces only = yes
	deadtime = 30
	enable core files = no
	invalid users = root
	local master = no
	map to guest = Bad User
	client max protocol = SMB3
	client min protocol = SMB2
	server max protocol = SMB3
	server min protocol = SMB2
	min receivefile size = 16384
	null passwords = yes
	passdb backend = smbpasswd
	security = user
	smb passwd file = /etc/samba/smbpasswd
	use sendfile = yes

I do have interfaces attached to it as well.
I have no clue as to why windows would say its still using SMB1...

So powershell Get-SmbConnection is reporting dialect 1.0 after you mapped the network drive on the windows client?

What Windows 10 version do you run? There should be no 1.0 support anymore after 1709 and you would have to manually add this again via windows software features? If you did this, remove the legacy smb 1.0 support again and manually use network path via explorer to connect to the router (\\routername\sharename).

I can't map the network drive, as I am running a Windows version past 1709,
I would like to use SMB2 though, since the whole SMB1 malware issue...
Is there a reason my router refuses to use SMB2?

So did you add the legacy smb 1.0 support via windows components? There should be no smb 1.0 support in windows 1709+ by default anymore, so just to-be on the same side what is Get-SmbConnection reporting?

Why cant you map the network drive, this works the same in window 1709+ as before?

As of Windows 10 1709+ it shows https://i.imgur.com/PUE854h.png

Oki try remove all the lines:

client max protocol = SMB3
client min protocol = SMB2
server max protocol = SMB3
server min protocol = SMB2

The highest Samba 3.6 supports is smb2.1. What is testparm give you on the router via ssh?

Same error after removing those lines, and the command testparm doesn't exist...

There exists this package feed (http://bin.entware.net/) with samba 4.8, maybe try this feed or if you build your own firmware from master i have a feed with the latest samba 4.8 here: https://github.com/Andy2244/openwrt-extra

You can also try the sub protocols, https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#SERVERMAXPROTOCOL

Only server min protocol = should be needed to change, but than again defaults should also take care of protocol exchange....

I'll try the feed and report back.

So the feed you sent me didn't support my router architecture, and samba36 seems to ignore the server min protocol options

Sorry i havn't used samba3.6 on openwrt for years, so the last time i tried this was with windows 7. I use samba4, since than and don't have any issues. I try to get it merged to openwrt, but its still under review. So other than using my feed and compile your own version, i can't really help.

Maybe just install the legacy smb 1.0 component for now if you don't get any help or don't want to go through compiling your own firmware.

How would I go about compiling my own firmware?

1: https://openwrt.org/docs/guide-developer/build-system/install-buildsystem
2: https://openwrt.org/docs/guide-developer/using_the_sdk

alternative using docker: https://github.com/jandelgado/lede-dockercompiler

I use a ubuntu server in a VM (hyper-v), but WSL should also work: https://docs.microsoft.com/en-us/windows/wsl/install-win10. Its just slower, because of bad io-performance.

  1. Install the compile tools (1) and source via git clone https://git.lede-project.org/source.git
  2. Add my feed and update the feeds, see my docu.
  3. Than set your target and extra packages you want (luci, samba, vpn ,...) via make menuconfig (*).
  4. Now do compile it via make -j4 and wait for the output.

PS: Make sure to verify that the final image size fits on your router or you need to compile it via modules (m) and setup a extroot: https://openwrt.org/docs/guide-user/additional-software/extroot_configuration.

Just remembered that it could be a simple guest security issues, see here:
https://support.microsoft.com/de-ch/help/4046019/guest-access-smb2-disabled-by-default-in-windows-10-server-2016

or

Ok Try the security level 2 in windows 10

Control Panel>System and Security >Administrative tools>Local Security Policy>expand Local Policies > Security options > click on Network security: Lan Manager authentication level > Then in the field choose> Send NTLMv2 responses only > click on Apply, then ok and close all