Samba share and SMB version protocol settings

Fercon · August 7, 2017, 6:19pm

Hi! I have a c2600 with LEDE 17.01.2 r3435. I set up Samba share with the default server settings and a share with this settings:

config sambashare option read_only 'no' option guest_ok 'yes' option create_mask '0777' option dir_mask '0777' option path '/mnt/sda1/' option name 'sda'

My win7 PCs can access and writes it but my win10 notebooks can't see, because the SMB1 protocol is uninstalled by security reasons.
So I add this line to the global configurations on LEDE:

min protocol = SMB2

After the samba restart the win10 still not see the share and win7 still see it but now throw me a login window.

Is there any configuration options that let me use SMB share both on win7 and win10?

HimuraCarter · August 7, 2017, 9:03pm

SMB3 should help.

Fercon · August 8, 2017, 10:11pm

Samba server version for LEDE is not support SMB3.

HimuraCarter · August 9, 2017, 6:36am

https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html

server max protocol (G)

The value of the parameter (a string) is the highest protocol level that will be supported by the server.

Possible values are :

LANMAN1: First modern version of the protocol. Long filename support.

LANMAN2: Updates to Lanman1 protocol.

NT1: Current up to date version of the protocol. Used by Windows NT. Known as CIFS.

SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available.

SMB2_02: The earliest SMB2 version.

SMB2_10: Windows 7 SMB2 version.

SMB2_22: Early Windows 8 SMB2 version.

SMB2_24: Windows 8 beta SMB2 version.

By default SMB2 selects the SMB2_10 variant.

SMB3: The same as SMB2. Used by Windows 8. SMB3 has sub protocols available.

SMB3_00: Windows 8 SMB3 version. (mostly the same as SMB2_24)

By default SMB3 selects the SMB3_00 variant.

Normally this option should not be set as the automatic negotiation phase in the SMB protocol takes care of choosing the appropriate protocol.

Default: server max protocol = SMB3

Example: server max protocol = LANMAN1

Doppel-D · September 19, 2018, 5:04am

Tried it with 18.06.1 and added min protocol = SMB2 to the template. On a Win10_1803 with removed smb1 the server+ shares won't show up. Same with SMB3.

Addendum: Ubuntu 18.04 access possible, a direct network mapping like \\server\share also works with Win10

HimuraCarter · September 20, 2018, 5:10am

According to official documentation, I have removed that line at all.
You CAN use SMB3, at least, it worked for me.

Doppel-D · September 20, 2018, 2:49pm

Thank you for you feedback! I used smb3, same effect. Are you shure your clients are using smb>=2? If you also have smb1 installed perhaps they negotiate this.

It also depends which version in openwrt is compiled how. Your link is speaking in general terms, I got redirected to https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html

Anyone else using protocol explicitly >=smb2 with Win10 and browse server list is working?

mike · September 20, 2018, 5:14pm

Anyone else using protocol explicitly >=smb2 with Win10 and browse server list is working?

This doesn't really answer your question, but I had that problem in Ubuntu 16.04.4.

HimuraCarter · September 20, 2018, 5:29pm

[global]
netbios name = MyBookLive
display charset = UTF-8
interfaces = lo eth0
server string = WesternDigital
unix charset = UTF-8
workgroup = WORKGROUP
bind interfaces only = yes
deadtime = 3
enable core files = no
getwd cache = yes
invalid users = root
local master = yes
load printers = yes
map to guest = never
min receivefile size = 0
name resolve order = wins lmhosts host bcast
null passwords = no
passdb backend = smbpasswd
security = user
smb passwd file = /etc/samba/smbpasswd
use sendfile = no
wide links = no

OpenWrt 18.06-SNAPSHOT, r6922-60522320f6
Uptime 31d 10h 46m 15s
This config works with any OS I've ever tried. I run SAMBA server on MyBookLive. As you see, I don't use MIN or MAX PROTOCOL option at all. Point your attention to "name resolve order"

HimuraCarter · September 20, 2018, 5:55pm

https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html This link refers to Samba v3.x.x documentation
For example

abort shutdown script (G) where (G) means GLOBAL section
acl allow execute always (S) where (S) means SHARE section

Doppel-D · September 21, 2018, 3:49am

If you are running your samba server on a MyBookLive than this is a total different story. If I remove min protocol = SMB2 then SMB1 will be used and Win10 is complaining as it should.

"You can't connect to the file share because it's not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could expose your system to attack.
Your system requires SMB2 or higher. For more info on resolving this issue, see: https://go.microsoft.com/fwlink/?linkid=852747"

Also "name resolve order = wins lmhosts host bcast" only makes sense if you have a wins server/daemon or local lmhosts file.

Strange: Now I only get a SMB2 connection if I use both options, if only min is used smb1 is used. Not shure if something messed up (Win10 or openwrt) or consistent behavior.

min protocol = SMB2
max protocol = SMB2

Addendum: Even "local master = yes" and "preferred master = yes" didn't help.

This first looks promising, but
"Windows 10 Home and Professional editions are unchanged from their previous default behavior."

But what hits the nail: https://support.microsoft.com/en-us/help/4034314/smbv1-is-not-installed-by-default-in-windows

"Because the Computer Browser service relies on SMBv1, the service is uninstalled if the SMBv1 client or server is uninstalled. This means that Explorer Network can no longer display Windows computers through the legacy NetBIOS datagram browsing method."

There is a workaround mentioned in the above document, but haven't tried.

Doppel-D · October 15, 2018, 9:09am

protocol = SMB2

solved problems on my ubuntu 18.04 nas and the samba share on my openwrt router after switching to smb2. Problem client dependend.

arooni · July 24, 2020, 11:03pm

Hi; running 19.07.3

On ubuntu with this in /etc/fstab:
//192.168.1.1/routerdrive /media/HardDriveArooni cifs guest,uid=1000,iocharset=utf8,dir_mode=0777,file_mode=0777,gid=1000,auto,_netdev,vers=1.0 0 0

It seems that even though I've tried to force SMB3 protocol it only mounts successfully with the version 1.0 protocol. ideas?

root@OpenWrt:/etc/samba# cat smb.conf
[global]
        netbios name = OpenWRT
        display charset = UTF-8
        interfaces = lo br-lan
        server string = OpenWRT
        unix charset = UTF-8
        workgroup = WORKGROUP
        bind interfaces only = yes
        deadtime = 30
        enable core files = no
        invalid users = root
        local master = no
        map to guest = Bad User
        max protocol = SMB3
        min protocol = SMB3
        min receivefile size = 16384
        null passwords = yes
        passdb backend = smbpasswd
        security = user
        smb passwd file = /etc/samba/smbpasswd
        use sendfile = yes

[homes]
        comment     = Home Directories
        browsable   = no
        read only   = no
        create mode = 0750

[RouterDrive]
        path = /mnt/disk
        read only = no
        guest ok = yes
        browseable = yes

trying the 3.0 version value results in
[49293.694897] CIFS: Attempting to mount //192.168.1.1/routerdrive
[49293.711502] CIFS VFS: cifs_mount failed w/return code = -2