SMB version negotiation

Status
Not open for further replies.

FreeNASftw

Contributor
Joined
Mar 1, 2015
Messages
124
Hello,

My SMB settings are min protocol --, max protocol 3.1.1
My Ubuntu client requests LM1.2, LANMAN2.1, NT LM 0.12 and POSIX 2
FreeNAS responds with NT LM 0.12 which I believe translates to SMB1
If I make SMB 2 the minimum protocol, I can no longer connect.

Anyone know why this is?
 

Dice

Wizard
Joined
Dec 11, 2015
Messages
1,410

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
It does appear that you are negotiating an SMB1 connection. It might be that your client is configured to do that. Post the smb.conf file from your Ubuntu machine (if you have one set up). What version of Ubuntu? What kernel version? What samba version?

Perform the following commands on the Ubuntu client and post the output:
testparm
uname -a
smbd -V

Establish an SMB session from the Ubuntu client and post the output of the following command on the FreeNAS server: smbstatus
 

FreeNASftw

Contributor
Joined
Mar 1, 2015
Messages
124
From the client
I don't have an smb.conf file as SAMBA is not installed, only cifs-utils.
Code:
damonh@KITS-UbuntuNUC:~$ cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"
NAME="Ubuntu"
VERSION="16.04.2 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.2 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
damonh@KITS-UbuntuNUC:~$ cat /proc/version
Linux version 4.4.0-75-generic (buildd@lgw01-21) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4) ) #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017
damonh@KITS-UbuntuNUC:~$ testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
WARNING: The "syslog" option is deprecated
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
   server string = %h server (Samba, Ubuntu)
   server role = standalone server
   map to guest = Bad User
   obey pam restrictions = Yes
   pam password change = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   unix password sync = Yes
   syslog = 0
   log file = /var/log/samba/log.%m
   max log size = 1000
   dns proxy = No
   usershare allow guests = Yes
   panic action = /usr/share/samba/panic-action %d
   idmap config * : backend = tdb


[printers]
   comment = All Printers
   path = /var/spool/samba
   create mask = 0700
   printable = Yes
   browseable = No


[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
damonh@KITS-UbuntuNUC:~$ uname -a
Linux KITS-UbuntuNUC 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
damonh@KITS-UbuntuNUC:~$ smbd -V
The program 'smbd' is currently not installed. You can install it by typing:
sudo apt install samba
damonh@KITS-UbuntuNUC:~$


SAMBA not installed, is this a requirement to be a client?

From FreeNAS

Code:
root@freenas:/mnt/tank/usr/damon # smbstatus

Samba version 4.6.3-GIT-5753e7b
PID  Username  Group  Machine  Protocol Version  Encryption  Signing   
----------------------------------------------------------------------------------------------------------------------------------------
37982  damon  damon  KITS-UbuntuNUC.kitech.solutions (ipv4:10.0.0.69:59138) NT1  -  -   

Service  pid  Machine  Connected at  Encryption  Signing   
---------------------------------------------------------------------------------------------
tank  37982  KITS-UbuntuNUC.kitech.solutions Tue May  2 07:16:16 2017 ACST  -  -   


 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
No. Samba doesn't have to be installed. The Linux Kernel contains a CIFS client. You're very clearly using NT1. Now post the following:
  • contents of /usr/local/etc/smb4.conf on your FreeNAS server
  • command used to mount the samba share from the Ubuntu client.
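
A server-side check built on the smbstatus output posted above, as an added example that is not part of any post in this thread: it lists the sessions that negotiated a pre-SMB2 protocol, which are the clients that stop connecting once the minimum protocol is raised to SMB2. The second session row and its host name are constructed for contrast, and the parsing assumes the column layout shown in this thread.

```python
import re

# One session row, assuming the column layout shown in this thread:
# PID  Username  Group  Machine (address)  Protocol  Encryption  Signing
ROW = re.compile(
    r"^(?P<pid>\d+)\s+(?P<user>\S+)\s+(?P<group>\S+)\s+(?P<machine>\S+)\s+"
    r"\((?P<addr>[^)]*)\)\s+(?P<proto>\S+)\s+(?P<enc>\S+)\s+(?P<sign>\S+)\s*$"
)

# First session row is from the thread; the second is constructed for contrast.
SAMPLE = """\
Samba version 4.6.3-GIT-5753e7b
PID  Username  Group  Machine  Protocol Version  Encryption  Signing
----------------------------------------------------------------------
37982  damon  damon  KITS-UbuntuNUC.kitech.solutions (ipv4:10.0.0.69:59138) NT1  -  -
38011  damon  damon  win7-vm.example (ipv4:10.0.0.70:49200) SMB2_10  -  -

Service  pid  Machine  Connected at  Encryption  Signing
----------------------------------------------------------------------
tank  37982  KITS-UbuntuNUC.kitech.solutions Tue May  2 07:16:16 2017 ACST  -  -
"""


def parse_sessions(text):
    """Return the rows of the session table (the first table smbstatus prints)."""
    sessions, in_table = [], False
    for line in text.splitlines():
        if line.lstrip().startswith("PID"):
            in_table = True
        elif in_table and not line.strip():
            break  # blank line ends the session table; the share table follows
        elif in_table:
            match = ROW.match(line.strip())
            if match:  # the dashed rule does not match and is skipped
                sessions.append(match.groupdict())
    return sessions


def legacy_sessions(sessions):
    """Sessions that negotiated a pre-SMB2 protocol (NT1 in this thread)."""
    return [s for s in sessions if not s["proto"].startswith(("SMB2", "SMB3"))]


def unprotected_sessions(sessions):
    """Sessions showing '-' in both the Encryption and Signing columns."""
    return [s for s in sessions if s["enc"] == "-" and s["sign"] == "-"]


if __name__ == "__main__":
    found = parse_sessions(SAMPLE)
    for s in legacy_sessions(found):
        print("refused if min protocol is SMB2:", s["machine"], s["addr"], s["proto"])
    print("no signing or encryption:", [s["machine"] for s in unprotected_sessions(found)])
```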
 

FreeNASftw

Contributor
Joined
Mar 1, 2015
Messages
124
Code:
damon@freenas:~ % cat /usr/local/etc/smb4.conf
[global]
  server max protocol = SMB3_11
  encrypt passwords = yes
  dns proxy = no
  strict locking = no
  oplocks = yes
  deadtime = 15
  max log size = 51200
  max open files = 469595
  logging = file
  load printers = no
  printing = bsd
  printcap name = /dev/null
  disable spoolss = yes
  getwd cache = yes
  guest account = nobody
  map to guest = Bad User
  obey pam restrictions = yes
  ntlm auth = no
  directory name cache size = 0
  kernel change notify = no
  panic action = /usr/local/libexec/samba/samba-backtrace
  nsupdate command = /usr/local/bin/samba-nsupdate -g
  server string = FreeNAS Server
  ea support = yes
  store dos attributes = yes
  lm announce = yes
  hostname lookups = yes
  time server = yes
  acl allow execute always = false
  dos filemode = yes
  multicast dns register = yes
  domain logons = no
  local master = yes
  idmap config *: backend = tdb
  idmap config *: range = 90000001-100000000
  server role = standalone
  netbios name = FREENAS
  workgroup = WORKGROUP
  security = user
  pid directory = /var/run/samba
  create mask = 0666
  directory mask = 0777
  client ntlmv2 auth = yes
  dos charset = CP437
  unix charset = UTF-8
  log level = 1
   

[Movies]
  path = "/mnt/tank/media/Movies"
  printable = no
  veto files = /.snapshot/.windows/.mac/.zfs/
  writeable = yes
  browseable = yes
  vfs objects = zfs_space zfsacl streams_xattr aio_pthread
  hide dot files = yes
  guest ok = yes
  nfs4:mode = special
  nfs4:acedup = merge
  nfs4:chown = true
  zfsacl:acesort = dontcare
   

[Music]
  path = "/mnt/tank/media/Music"
  printable = no
  veto files = /.snapshot/.windows/.mac/.zfs/
  writeable = yes
  browseable = yes
  vfs objects = zfs_space zfsacl streams_xattr aio_pthread
  hide dot files = yes
  guest ok = yes
  nfs4:mode = special
  nfs4:acedup = merge
  nfs4:chown = true
  zfsacl:acesort = dontcare
   

[TV]
  path = "/mnt/tank/media/TV"
  printable = no
  veto files = /.snapshot/.windows/.mac/.zfs/
  writeable = yes
  browseable = yes
  vfs objects = zfs_space zfsacl streams_xattr aio_pthread
  hide dot files = yes
  guest ok = yes
  nfs4:mode = special
  nfs4:acedup = merge
  nfs4:chown = true
  zfsacl:acesort = dontcare
   

[Torrents]
  path = "/mnt/tank/media/Torrents"
  printable = no
  veto files = /.snapshot/.windows/.mac/.zfs/
  writeable = yes
  browseable = yes
  vfs objects = zfs_space zfsacl streams_xattr aio_pthread
  hide dot files = yes
  guest ok = yes
  nfs4:mode = special
  nfs4:acedup = merge
  nfs4:chown = true
  zfsacl:acesort = dontcare
   

[homes]
  path = "/mnt/tank/usr"
  printable = no
  veto files = /.snapshot/.windows/.mac/.zfs/
  writeable = yes
  browseable = yes
  vfs objects = zfs_space zfsacl streams_xattr aio_pthread
  hide dot files = yes
  guest ok = no
  nfs4:mode = special
  nfs4:acedup = merge
  nfs4:chown = true
  zfsacl:acesort = dontcare
   

[tank]
  path = "/mnt/tank"
  printable = no
  veto files = /.snapshot/.windows/.mac/.zfs/
  writeable = yes
  browseable = yes
  vfs objects = zfs_space zfsacl streams_xattr aio_pthread
  hide dot files = yes
  guest ok = no
  nfs4:mode = special
  nfs4:acedup = merge
  nfs4:chown = true
  zfsacl:acesort = dontcare






fstab entry -
//freenas/Movies /home/mnt cifs credentials=/home/damonh/Desktop/.smbcred,_netdev,uid=1000,gid=1000,iocharset=utf8,auto 0 0
Manual -
sudo mount -t cifs //freenas/Movies /home/mnt
Most of the media shares have guest access.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
There doesn't seem to be anything wrong with your client or server config or your mount string.

Your smb4.conf share paths indicate that you are running FreeNAS nightlies. Does the same problem manifest itself on the stable branch?

It's possible that there is a problem with some Linux kernel cifs drivers. Earlier today I helped someone with a similar problem, and it was resolved with a kernel update. Can you try a VM with a different Linux distro with a different kernel?
 

FreeNASftw

Contributor
Joined
Mar 1, 2015
Messages
124
I know I had a lot of sharing problems after changing from stable to 11 nightlies, as in, none of my shares were working, so after a lot of troubleshooting I 'resolved' it by dropping the minimum SMB version back to --- . I believe this was only affecting Linux clients as I tested with my Windows laptop and it was all good.
I have raised a few bug reports regarding networking and SMB in VMs but I don't think I've raised one for this.
I could spin up a VM... but SMB is broken in FreeNAS VMs, at least on this train. VMs have internet access and can see some devices but can't establish SMB connections.
I'll try to spin one up on this client and get back to you.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
If you can definitely establish that the problem is not client-related, then it may be worth posting a bug report.
 

FreeNASftw

Contributor
Joined
Mar 1, 2015
Messages
124
Ok, so I tried Linux Mint in VMware Player on my desktop; it could only connect using NT 1. I've just spun up Win 7, also in VMware Player on my desktop, and it's connected using SMB 2.1 even with the minimum protocol set to ---, so the Windows VM is behaving as expected.
I tried spinning up a non-Debian VM but had issues with VMware Player. I can try that again later.
 

FreeNASftw

Contributor
Joined
Mar 1, 2015
Messages
124
Well, I just killed my LAGG trying to sort out a different issue (Plugin tree view and on/off not working - killing the LAGG fixed that issue) but it doesn't seem to have made a difference to the SMB.
 

FreeNASftw

Contributor
Joined
Mar 1, 2015
Messages
124
Try manually specifying the SMB version using "vers=3.0". For example:
mount.cifs //192.168.42.42/TestShare /mnt/SAMBA -o username=foo,vers=3.0
Winner winner chicken dinner. Still a bug though yeah? It should negotiate the highest supported version?
 

FreeNASftw

Contributor
Joined
Mar 1, 2015
Messages
124
Where did the vers= option come from? I've read the man page both before posting this problem and just now. I haven't found any reference to it.
Why does specifying SMB 3 work? It isn't listed as an option by the client, or is that what 'POSIX 2' is supposed to be?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
Winner winner chicken dinner. Still a bug though yeah? It should negotiate the highest supported version?
Not a bug. mount.cifs doesn't always negotiate the highest supported protocol (default just depends on version of cifs-utils). Regarding the manpage, I spun up a CentOS7 VM and checked the local manpage ;)
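
Why the server in this thread could only answer NT LM 0.12, as an added example that is not part of any post: an SMB1 NEGOTIATE request carries a list of dialect strings, and the server can only choose from that list, so a client that offers no SMB2 dialect string has nothing left once the server's minimum is SMB2. The request bytes are constructed, and the preference table is a simplified model of server behaviour (an assumption), not Samba's code.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72

# Simplified model (an assumption, not Samba's code): dialect strings a server
# understands, most preferred first, with the protocol family each belongs to.
SERVER_PREFERENCE = [
    ("SMB 2.???", "SMB2"),   # multi-protocol offer: continue with an SMB2 NEGOTIATE
    ("SMB 2.002", "SMB2"),
    ("NT LM 0.12", "NT1"),
    ("POSIX 2", "NT1"),
    ("LANMAN2.1", "LANMAN2"),
    ("LM1.2X002", "LANMAN2"),
]
FAMILY_RANK = {"LANMAN2": 1, "NT1": 2, "SMB2": 3}

def build_negotiate(dialects):
    """Build a constructed SMB1 NEGOTIATE request (no 4-byte transport prefix)."""
    header = SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + bytes(27)  # 32-byte header
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    return header + b"\x00" + struct.pack("<H", len(data)) + data

def parse_dialects(msg):
    """Return the dialect strings offered in an SMB1 NEGOTIATE request."""
    if len(msg) < 35 or msg[:4] != SMB1_MAGIC or msg[4] != SMB_COM_NEGOTIATE:
        raise ValueError("not an SMB1 NEGOTIATE request")
    if msg[32] != 0:
        raise ValueError("unexpected WordCount")
    (byte_count,) = struct.unpack_from("<H", msg, 33)
    data = msg[35:35 + byte_count]
    if len(data) != byte_count:
        raise ValueError("truncated dialect list")
    dialects, pos = [], 0
    while pos < len(data):
        end = data.find(b"\x00", pos + 1)
        if data[pos] != 0x02 or end == -1:
            raise ValueError("malformed dialect entry")
        dialects.append(data[pos + 1:end].decode("ascii"))
        pos = end + 1
    return dialects

def select_dialect(offered, min_family):
    """Pick the most preferred offered dialect at or above min_family, else None."""
    for name, family in SERVER_PREFERENCE:
        if name in offered and FAMILY_RANK[family] >= FAMILY_RANK[min_family]:
            return name
    return None

# Constructed samples: an SMB1-only offer like the one in the first post, and a
# multi-protocol offer that also advertises the SMB2 dialect strings.
LEGACY_CLIENT = build_negotiate(["LM1.2X002", "LANMAN2.1", "NT LM 0.12", "POSIX 2"])
MULTI_CLIENT = build_negotiate(["NT LM 0.12", "SMB 2.002", "SMB 2.???"])

if __name__ == "__main__":
    for msg in (LEGACY_CLIENT, MULTI_CLIENT):
        offered = parse_dialects(msg)
        print(offered, [select_dialect(offered, f) for f in ("LANMAN2", "SMB2")])
```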
 

FreeNASftw

Contributor
Joined
Mar 1, 2015
Messages
124
Thanks mate, can't believe I looked for and read everything I could possibly find online but didn't check the local manual... :(
My obviously uneducated opinion is that it's a bit poor that it should just fail when other, better, protocols are mutually supported. - not a SAMBA/FN criticism.
 

Dice

Wizard
Joined
Dec 11, 2015
Messages
1,410
Thanks mate, can't believe I looked for and read everything I could possibly find online but didn't check the local manual... :(
This is oh so common.
A good reminder for reference.
 

FreeNASftw

Contributor
Joined
Mar 1, 2015
Messages
124
I have another question (I've even checked the local man pages for hints and found none)...
Under Ubuntu, I mount an SMB share; the dataset is owned by myusername and wheelgroup. If I don't specify any options besides username and password, the mount succeeds using NT1. The ownership of that dataset appears as myusername and wheel/root (due to GID 0 being wheel on FreeNAS, root on Linux). If I specify a higher SMB version, the ownership of the dataset is root root.

I know that there are mode and GID/UID options, I know that, I know how to use them (mostly... with some googling for reassurance), is it odd that the ownership information is provided using an antiquated SMB version but not with the newer ones?
 

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
Not really that strange. To get the user/group mapping you need the uid/gid to match on the FreeNAS system and your Linux system.

If you don't want to bother changing the uid/gids to match then you can add the uid flag and give it the id of your Linux user. Same goes for the gid.
