subject:"Re\: Samba version woes"

Re: Samba version woes

2018-01-16 Thread Patrick O'Callaghan

On Tue, 2018-01-16 at 11:13 +1100, Cameron Simpson wrote:
> On 15Jan2018 22:57, Patrick O'Callaghan  wrote:
> > On Tue, 2018-01-16 at 08:17 +1100, Cameron Simpson wrote:
> > > Last year we bought an HP Proliant G8. It has a cool cubic form mactor 
> > > with 4
> > > 3.5" SATA drive bays. And an internal SD slot. We've got 2 8TB WD Red 
> > > drives in
> > > it in RAID1, the OS on the SD card and /home on a 250GB SSD. That leaves 
> > > 2 more
> > > drive bays for expansion/transfer/migration some time.
> > 
> > Nice, though probably overkill for me.
> 
> The proliant itself was pretty cheap, and we wanted the drive bays even 
> though 
> we're only using 2 right now.  They come in a few flavours.  They only have 2 
> DIMM slots, so if you want to upgrade the RAM (we did) you have to replace 
> the 
> memory it comes with.  And if you upgrade the RAM, pay careful attention to 
> buffered vs unbuffered - we screwed up, to our cost.
> 
> > > Regarding backup for the server, we have a pair of 2TB WD MyPassport USB 
> > > 3.0
> > > bus powered drives. One stays ion all the time, getting nightly backups. 
> > > The
> > > other lives in a drawer, and we plug it in every so often to update its 
> > > backup.
> > > That gets us nightly backup resolution plus an offline isolated backup in 
> > > case
> > > of the OS getting comprimised, which could lead to the main backup being
> > > comprimised.
> > 
> > So you backup 8TB on a 2TB drive? I guess most media server files don't
> > really need backing up as you can always get them again. I don't back
> > them up myself.
> 
> I'm on the end of a wet piece of string. And our media server is not full. It 
> will become an issue at some point, but I have a complex plan for that.

The downside of knowing about this stuff is that there are so many
options :-) It took me ages to decide to move my media off the NAS and
onto a larger HDD on my desktop, but it was definitely the right thing
to do.

Last night I started wondering if I could rip out the drives on the NAS
and build one myself using a Raspberry Pi and FreeNAS, so that'll be
another maze of twisty little passages, all alike.

> [...]
> > Thanks for the input. I've now got the NFS+Samba combo working, after
> > some head-banging until I figured out the SElinux parameters I needed
> > to change (could this *be* more obscure? no meaningful error messages
> > in the Samba log until I Googled them and a light dawned).
> 
> On of the features of SELinux is that apps don't know what's wrong. Perfectly 
> configured permissions etc simply don't work. I can't describe how happy that 
> makes me.

I can understand apps not knowing the problem is SElinux. I can't
understand Samba saying:

canonicalize_connect_path failed for service WinBackup, path 
/storage/Backups/Win10

instead of saying 'there was an access problem'.

Cheers

poc
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-16 Thread Tim

Allegedly, on or about 15 January 2018, Patrick O'Callaghan sent:
> I only have my desktop, but that would be Plan C. The irony is that
> I'm using Samba purely because I need a backup for my Windows VM,
> which is running on the same desktop.

Tangential approach:  Can you install a NFS client onto the Windows
installation?

-- 
[tim@localhost ~]$ uname -rsvp
Linux 4.14.11-200.fc26.x86_64 #1 SMP Wed Jan 3 13:58:53 UTC 2018 x86_64

Boilerplate:  All mail to my mailbox is automatically deleted.
There is no point trying to privately email me, I only get to see
the messages posted to the mailing list.

When I write something, take it as meaning exactly what I wrote.
Do not interpret it.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-15 Thread Cameron Simpson


On 15Jan2018 22:57, Patrick O'Callaghan  wrote:

On Tue, 2018-01-16 at 08:17 +1100, Cameron Simpson wrote:

Last year we bought an HP Proliant G8. It has a cool cubic form mactor with 4
3.5" SATA drive bays. And an internal SD slot. We've got 2 8TB WD Red drives in
it in RAID1, the OS on the SD card and /home on a 250GB SSD. That leaves 2 more
drive bays for expansion/transfer/migration some time.


Nice, though probably overkill for me.


The proliant itself was pretty cheap, and we wanted the drive bays even though 
we're only using 2 right now.  They come in a few flavours.  They only have 2 
DIMM slots, so if you want to upgrade the RAM (we did) you have to replace the 
memory it comes with.  And if you upgrade the RAM, pay careful attention to 
buffered vs unbuffered - we screwed up, to our cost.



Regarding backup for the server, we have a pair of 2TB WD MyPassport USB 3.0
bus powered drives. One stays ion all the time, getting nightly backups. The
other lives in a drawer, and we plug it in every so often to update its backup.
That gets us nightly backup resolution plus an offline isolated backup in case
of the OS getting comprimised, which could lead to the main backup being
comprimised.


So you backup 8TB on a 2TB drive? I guess most media server files don't
really need backing up as you can always get them again. I don't back
them up myself.


I'm on the end of a wet piece of string. And our media server is not full. It 
will become an issue at some point, but I have a complex plan for that.


[...]

Thanks for the input. I've now got the NFS+Samba combo working, after
some head-banging until I figured out the SElinux parameters I needed
to change (could this *be* more obscure? no meaningful error messages
in the Samba log until I Googled them and a light dawned).


On of the features of SELinux is that apps don't know what's wrong. Perfectly 
configured permissions etc simply don't work. I can't describe how happy that 
makes me.


Cheers,
Cameron Simpson  (formerly c...@zip.com.au)
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-15 Thread Patrick O'Callaghan

On Tue, 2018-01-16 at 08:17 +1100, Cameron Simpson wrote:
> Last year we bought an HP Proliant G8. It has a cool cubic form mactor with 4 
> 3.5" SATA drive bays. And an internal SD slot. We've got 2 8TB WD Red drives 
> in 
> it in RAID1, the OS on the SD card and /home on a 250GB SSD. That leaves 2 
> more 
> drive bays for expansion/transfer/migration some time.

Nice, though probably overkill for me.

> Regarding backup for the server, we have a pair of 2TB WD MyPassport USB 3.0 
> bus powered drives. One stays ion all the time, getting nightly backups. The 
> other lives in a drawer, and we plug it in every so often to update its 
> backup.  
> That gets us nightly backup resolution plus an offline isolated backup in 
> case 
> of the OS getting comprimised, which could lead to the main backup being 
> comprimised.

So you backup 8TB on a 2TB drive? I guess most media server files don't
really need backing up as you can always get them again. I don't back
them up myself.

> My personal laptop is a Mac, backuped with TimeMachine to a WD MyPassport, 
> which also lives in a drawer for the same reason.
> 
> Why RAID1 in the server? For rescue: either drive from a RIAD1 pair can just 
> be 
> plugged into another machine and used standalone for recovery etc - just hand 
> mount things. RAID5 would use more drive slots (the G8 has 4) and be more 
> painful in a disaster.

Yes, RAID1 saved me twice when those Seagates failed, luckily not both
at once.

Thanks for the input. I've now got the NFS+Samba combo working, after
some head-banging until I figured out the SElinux parameters I needed
to change (could this *be* more obscure? no meaningful error messages
in the Samba log until I Googled them and a light dawned).

poc
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-15 Thread Cameron Simpson

On 15Jan2018 12:01, Patrick O'Callaghan  wrote:

On Mon, 2018-01-15 at 11:07 +1100, Cameron Simpson wrote:

On 14Jan2018 23:25, Patrick O'Callaghan  wrote:
> On further study, I strongly suspect my mods to the config file are
> being overwritten on reboot. Apparently the NAS has firmware that
> restores basic stuff from a read-only partition on booting.

Does it have a persistent rc.local or cron (thinking @reboot here)? We've got a
PVR with that kind of behaviour (custom hacks vanishing on reboot).

It's sneakier than that. Much of the root filesystem, including the
directory where the default apps live, is read-only. I've tried
remounting rw as a loopback to make changes but haven't quite got it
right yet. Something else seems to be going on.

Yay.

As a final suggestion, have you got a home linux server that's always on? If
you get nowhere with Samba on the NAS, there's always NFS from the NAS to your
server, then Samba from there. That way you'd have control over the Samba
software.

I only have my desktop, but that would be Plan C. The irony is that I'm
using Samba purely because I need a backup for my Windows VM, which is
running on the same desktop.

Plan B is to jigger Windows 10 to accept SMB1 as it used to before the
recent updates. I'm aware of the risks but apparently it's possible.

Plan D is to junk the thing and loot it for the drives (I've already
replaced the original Seagates, both of which failed, with two decent
1TB WD units). Realistically I don't think I need a NAS any more. It
used to be my media server but got too slow for that so now it's just a
backup server. I might just stick the drives in my main machine in a
RAID format and keep using them for backup.

Yeah, we went that way. We were using a WD Live drive as our media server and 
had a tiny cheap machine as the home server (email, DNS, etc). Our PVR is Linux 
and NFS mounts the media server so we've got one main playback device.

Like your NAS, both the WD Live and the tiny server were underpowered.

Last year we bought an HP Proliant G8. It has a cool cubic form mactor with 4 
3.5" SATA drive bays. And an internal SD slot. We've got 2 8TB WD Red drives in 
it in RAID1, the OS on the SD card and /home on a 250GB SSD. That leaves 2 more 
drive bays for expansion/transfer/migration some time.

Regarding backup for the server, we have a pair of 2TB WD MyPassport USB 3.0 
bus powered drives. One stays ion all the time, getting nightly backups. The 
other lives in a drawer, and we plug it in every so often to update its backup.  
That gets us nightly backup resolution plus an offline isolated backup in case 
of the OS getting comprimised, which could lead to the main backup being 
comprimised.

My personal laptop is a Mac, backuped with TimeMachine to a WD MyPassport, 
which also lives in a drawer for the same reason.

Why RAID1 in the server? For rescue: either drive from a RIAD1 pair can just be 
plugged into another machine and used standalone for recovery etc - just hand 
mount things. RAID5 would use more drive slots (the G8 has 4) and be more 
painful in a disaster.

Cheers,
Cameron Simpson  (formerly c...@zip.com.au)
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-15 Thread Patrick O'Callaghan

On Sun, 2018-01-14 at 20:52 -0500, Bill Shirley wrote:
> Does your NAS configuration have a GUI front-end?  Perhaps it has a Samba
> config template that it applies the GUI changes to to create the actual 
> smb.conf.

It does have a GUI, but the Samba options are extremely limited.

> Do you have shell access? Does it have the 'locate' command so that you can
> find this template and change it?

Yes, but the template is restored from a read-only partition on boot.

> Does it have cron running so that you could run 'patch' to apply your changes
> to the working smb.conf?

It does have 'cron'. I'll take a look at that, thanks (assuming it lets
me changes the crontab).

poc
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-15 Thread Patrick O'Callaghan

On Mon, 2018-01-15 at 11:07 +1100, Cameron Simpson wrote:
> On 14Jan2018 23:25, Patrick O'Callaghan  wrote:
> > On further study, I strongly suspect my mods to the config file are
> > being overwritten on reboot. Apparently the NAS has firmware that
> > restores basic stuff from a read-only partition on booting.
> 
> Does it have a persistent rc.local or cron (thinking @reboot here)? We've got 
> a 
> PVR with that kind of behaviour (custom hacks vanishing on reboot).

It's sneakier than that. Much of the root filesystem, including the
directory where the default apps live, is read-only. I've tried
remounting rw as a loopback to make changes but haven't quite got it
right yet. Something else seems to be going on.

> > This will
> > require some hackery to sort out, but doesn't seem to be anything
> > directly related to Samba (nor to Fedora of course), so I won't pursue
> > it here for now.
> > 
> > Thanks to everyone who tried to help.
> 
> As a final suggestion, have you got a home linux server that's always on? If 
> you get nowhere with Samba on the NAS, there's always NFS from the NAS to 
> your 
> server, then Samba from there. That way you'd have control over the Samba 
> software.

I only have my desktop, but that would be Plan C. The irony is that I'm
using Samba purely because I need a backup for my Windows VM, which is
running on the same desktop.

Plan B is to jigger Windows 10 to accept SMB1 as it used to before the
recent updates. I'm aware of the risks but apparently it's possible.

Plan D is to junk the thing and loot it for the drives (I've already
replaced the original Seagates, both of which failed, with two decent
1TB WD units). Realistically I don't think I need a NAS any more. It
used to be my media server but got too slow for that so now it's just a
backup server. I might just stick the drives in my main machine in a
RAID format and keep using them for backup.

poc
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-14 Thread Bill Shirley


Does your NAS configuration have a GUI front-end?  Perhaps it has a Samba
config template that it applies the GUI changes to to create the actual 
smb.conf.

Do you have shell access? Does it have the 'locate' command so that you can
find this template and change it?

Does it have cron running so that you could run 'patch' to apply your changes
to the working smb.conf?

Bill

On 1/14/2018 6:25 PM, Patrick O'Callaghan wrote:

On Sun, 2018-01-14 at 11:35 -0800, Gordon Messmer wrote:

On 01/14/2018 09:40 AM, Patrick O'Callaghan wrote:

I get:
  PORTSTATE SERVICE
  445/tcp open  microsoft-ds
  Host script results:
  | smb-protocols:
  |   dialects:
  |_NT LM 0.12 (SMBv1) [dangerous, but default]

So clearly the config option isn't being used, or doesn't do what I
thought it did. I'll investigate further.

I believe what you're seeing is the auth protocol, while the option
you're setting is for the general protocol.  I don't have a samba 3
server to check anymore, but I think you want to set "lanman auth = no"
and "ntlm auth = no", which should leave you with NTLMv2 with SPNEGO.

Thanks, but that didn't work either.

On further study, I strongly suspect my mods to the config file are
being overwritten on reboot. Apparently the NAS has firmware that
restores basic stuff from a read-only partition on booting. This will
require some hackery to sort out, but doesn't seem to be anything
directly related to Samba (nor to Fedora of course), so I won't pursue
it here for now.

Thanks to everyone who tried to help.

poc
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-14 Thread Cameron Simpson


On 14Jan2018 23:25, Patrick O'Callaghan  wrote:

On further study, I strongly suspect my mods to the config file are
being overwritten on reboot. Apparently the NAS has firmware that
restores basic stuff from a read-only partition on booting.


Does it have a persistent rc.local or cron (thinking @reboot here)? We've got a 
PVR with that kind of behaviour (custom hacks vanishing on reboot).



This will
require some hackery to sort out, but doesn't seem to be anything
directly related to Samba (nor to Fedora of course), so I won't pursue
it here for now.

Thanks to everyone who tried to help.


As a final suggestion, have you got a home linux server that's always on? If 
you get nowhere with Samba on the NAS, there's always NFS from the NAS to your 
server, then Samba from there. That way you'd have control over the Samba 
software.


Cheers,
Cameron Simpson 
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-14 Thread Patrick O'Callaghan

On Sun, 2018-01-14 at 11:35 -0800, Gordon Messmer wrote:
> On 01/14/2018 09:40 AM, Patrick O'Callaghan wrote:
> > I get:
> >  PORTSTATE SERVICE
> >  445/tcp open  microsoft-ds
> >  Host script results:
> >  | smb-protocols:
> >  |   dialects:
> >  |_NT LM 0.12 (SMBv1) [dangerous, but default]
> > 
> > So clearly the config option isn't being used, or doesn't do what I
> > thought it did. I'll investigate further.
> 
> I believe what you're seeing is the auth protocol, while the option 
> you're setting is for the general protocol.  I don't have a samba 3 
> server to check anymore, but I think you want to set "lanman auth = no" 
> and "ntlm auth = no", which should leave you with NTLMv2 with SPNEGO.

Thanks, but that didn't work either.

On further study, I strongly suspect my mods to the config file are
being overwritten on reboot. Apparently the NAS has firmware that
restores basic stuff from a read-only partition on booting. This will
require some hackery to sort out, but doesn't seem to be anything
directly related to Samba (nor to Fedora of course), so I won't pursue
it here for now.

Thanks to everyone who tried to help.

poc
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-14 Thread Gordon Messmer


On 01/14/2018 09:40 AM, Patrick O'Callaghan wrote:

I get:
 PORTSTATE SERVICE
 445/tcp open  microsoft-ds
 Host script results:
 | smb-protocols:
 |   dialects:
 |_NT LM 0.12 (SMBv1) [dangerous, but default]

So clearly the config option isn't being used, or doesn't do what I
thought it did. I'll investigate further.


I believe what you're seeing is the auth protocol, while the option 
you're setting is for the general protocol.  I don't have a samba 3 
server to check anymore, but I think you want to set "lanman auth = no" 
and "ntlm auth = no", which should leave you with NTLMv2 with SPNEGO.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-14 Thread Patrick O'Callaghan

On Sun, 2018-01-14 at 23:12 +0800, Ed Greshko wrote:
> On 01/14/18 21:51, Patrick O'Callaghan wrote:
> > I have a Samba server running on a NAS, but according to my Windows VM
> > it's running SMB1 and is thus insecure, so Windows won't connect to it.
> > 
> > I've added the line "min protocol = SMB2" to the smb.conf file and
> > restarted the service, but Windows remains unconvinced.
> > 
> > What else do I need to do? Is there an easy way to ping the server
> > (from Linux) and check what protocol it's using? Note that Linux has no
> > problem connecting to the server.
> > 
> 
> Who is your NAS supplier?
> 
> Maybe try adding
> 
> min protocol=SMB2
> max protocol=SMB3
> 
> and restarting the service on your NAS?
> 
> If that doesn't work, does your NAS supplier have a support line?

Not in any meaningful way. It's an old Iomega unit I've had for about 8
or 9 years, running an obsolete version of Debian. The Samba version is
one I updated myself from a repo that attempts to keep more recent
versions of software than the manufacturer supplies. It's almost
certain that this is down to getting the config right, so I'll try
Rex's suggestion and ask on the Samba list.

> I could not find a way to determine remotely the version of smb in use.  If 
> you find
> out, that would be good to know.

I know what it is because I can log into the NAS. I don't really care
as long as I can make it default to protocol version 2 or higher.

poc
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-14 Thread Patrick O'Callaghan

On Sun, 2018-01-14 at 23:16 +0800, Ed Greshko wrote:
> On 01/14/18 23:11, Patrick O'Callaghan wrote:
> > On Sun, 2018-01-14 at 08:57 -0600, Rex Dieter wrote:
> > > Patrick O'Callaghan wrote:
> > > 
> > > > I have a Samba server running on a NAS, but according to my Windows VM
> > > > it's running SMB1 and is thus insecure, so Windows won't connect to it.
> > > > 
> > > > I've added the line "min protocol = SMB2" to the smb.conf file and
> > > > restarted the service, but Windows remains unconvinced.
> > > > 
> > > > What else do I need to do? Is there an easy way to ping the server
> > > > (from Linux) and check what protocol it's using? Note that Linux has no
> > > > problem connecting to the server.
> > > 
> > > An excellent question for a samba support forum (and mention what version 
> > > of 
> > > samba you're using).
> > > 
> > > One option:
> > > https://lists.samba.org/mailman/listinfo/samba
> > 
> > Sure. I recognise that this isn't a Fedora issue, however I've had some
> > luck with Samba questions here in the past so I thought I'd check first
> > in case it's something obvious. Not really interested in becoming a
> > Samba expert ...
> > 
> > The Samba version is 3.2.15.
> > 
> 
> OK
> 
> I found the way to list the versions being offered by a remote service.
> 
> nmap -p445 --script smb-protocols 
> 
> Example, for my NAS
> 
> [root@meimei ~]# nmap -p445 --script smb-protocols ds
> [...]

I get:

PORTSTATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-protocols: 
|   dialects: 
|_NT LM 0.12 (SMBv1) [dangerous, but default]

So clearly the config option isn't being used, or doesn't do what I
thought it did. I'll investigate further.

poc
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-14 Thread Ed Greshko

On 01/14/18 23:19, Rex Dieter wrote:
> Ed Greshko wrote:
>
>> On 01/14/18 21:51, Patrick O'Callaghan wrote:
>>> I have a Samba server running on a NAS, but according to my Windows VM
>>> it's running SMB1 and is thus insecure, so Windows won't connect to it.
>>>
>>> I've added the line "min protocol = SMB2" to the smb.conf file and
>>> restarted the service, but Windows remains unconvinced.
>>>
>>> What else do I need to do? Is there an easy way to ping the server
>>> (from Linux) and check what protocol it's using? Note that Linux has no
>>> problem connecting to the server.
>>>
>> Who is your NAS supplier?
>>
>> Maybe try adding
>>
>> min protocol=SMB2
>> max protocol=SMB3
> ^^ One example of ill-advised suggestion.  SMB2 does not do what you think 
> it does. :-/  (it's non-obvious, but doesn't work in most cases)
>

OK, fine.

But my later post about what nmap reports shows my NAS offering only 2.X and 3.X
protocols.

So, maybe even if it is ill-advised, it is doing the needful thing on my 
Synology NAS?



-- 
Fedora Users List - The place to go to speculate endlessly



signature.asc
Description: OpenPGP digital signature
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-14 Thread Tom Horsley

On Sun, 14 Jan 2018 15:11:51 +
Patrick O'Callaghan wrote:

> The Samba version is 3.2.15.

Perhaps that is the problem. My fedora 27 box is running
samba-4.7.4-0.fc27.x86_64 and my windows 10 virtual machine
mounts a samba provided share with no complaints.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-14 Thread Rex Dieter

Ed Greshko wrote:

> On 01/14/18 21:51, Patrick O'Callaghan wrote:
>> I have a Samba server running on a NAS, but according to my Windows VM
>> it's running SMB1 and is thus insecure, so Windows won't connect to it.
>>
>> I've added the line "min protocol = SMB2" to the smb.conf file and
>> restarted the service, but Windows remains unconvinced.
>>
>> What else do I need to do? Is there an easy way to ping the server
>> (from Linux) and check what protocol it's using? Note that Linux has no
>> problem connecting to the server.
>>
> 
> Who is your NAS supplier?
> 
> Maybe try adding
> 
> min protocol=SMB2
> max protocol=SMB3

^^ One example of ill-advised suggestion.  SMB2 does not do what you think 
it does. :-/  (it's non-obvious, but doesn't work in most cases)

-- Rex
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-14 Thread Rex Dieter

Patrick O'Callaghan wrote:

> On Sun, 2018-01-14 at 08:57 -0600, Rex Dieter wrote:
>> Patrick O'Callaghan wrote:
>> 
>> > I have a Samba server running on a NAS, but according to my Windows VM
>> > it's running SMB1 and is thus insecure, so Windows won't connect to it.
>> > 
>> > I've added the line "min protocol = SMB2" to the smb.conf file and
>> > restarted the service, but Windows remains unconvinced.
>> > 
>> > What else do I need to do? Is there an easy way to ping the server
>> > (from Linux) and check what protocol it's using? Note that Linux has no
>> > problem connecting to the server.
>> 
>> An excellent question for a samba support forum (and mention what version
>> of samba you're using).
>> 
>> One option:
>> https://lists.samba.org/mailman/listinfo/samba
> 
> Sure. I recognise that this isn't a Fedora issue, however I've had some
> luck with Samba questions here in the past so I thought I'd check first
> in case it's something obvious. Not really interested in becoming a
> Samba expert ...

Understood.  Maybe I should have mentioned it before, but I've seen a fair 
amount of misleading or outright wrong advice wrt to this issue on blogs and 
forums... which is why I suggested to go straight to the best source of 
authoritative information.

-- Rex
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-14 Thread Ed Greshko

On 01/14/18 23:11, Patrick O'Callaghan wrote:
> On Sun, 2018-01-14 at 08:57 -0600, Rex Dieter wrote:
>> Patrick O'Callaghan wrote:
>>
>>> I have a Samba server running on a NAS, but according to my Windows VM
>>> it's running SMB1 and is thus insecure, so Windows won't connect to it.
>>>
>>> I've added the line "min protocol = SMB2" to the smb.conf file and
>>> restarted the service, but Windows remains unconvinced.
>>>
>>> What else do I need to do? Is there an easy way to ping the server
>>> (from Linux) and check what protocol it's using? Note that Linux has no
>>> problem connecting to the server.
>> An excellent question for a samba support forum (and mention what version of 
>> samba you're using).
>>
>> One option:
>> https://lists.samba.org/mailman/listinfo/samba
> Sure. I recognise that this isn't a Fedora issue, however I've had some
> luck with Samba questions here in the past so I thought I'd check first
> in case it's something obvious. Not really interested in becoming a
> Samba expert ...
>
> The Samba version is 3.2.15.
>

OK

I found the way to list the versions being offered by a remote service.

nmap -p445 --script smb-protocols 

Example, for my NAS

[root@meimei ~]# nmap -p445 --script smb-protocols ds

Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-14 23:14 CST
Nmap scan report for ds (192.168.1.152)
Host is up (0.00027s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:11:32:2A:64:E2 (Synology Incorporated)

Host script results:
| smb-protocols:
|   dialects:
| 2.02
| 2.10
| 3.00
| 3.02
|_    3.11




-- 
Fedora Users List - The place to go to speculate endlessly



signature.asc
Description: OpenPGP digital signature
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-14 Thread Ed Greshko

On 01/14/18 21:51, Patrick O'Callaghan wrote:
> I have a Samba server running on a NAS, but according to my Windows VM
> it's running SMB1 and is thus insecure, so Windows won't connect to it.
>
> I've added the line "min protocol = SMB2" to the smb.conf file and
> restarted the service, but Windows remains unconvinced.
>
> What else do I need to do? Is there an easy way to ping the server
> (from Linux) and check what protocol it's using? Note that Linux has no
> problem connecting to the server.
>

Who is your NAS supplier?

Maybe try adding

min protocol=SMB2
max protocol=SMB3

and restarting the service on your NAS?

If that doesn't work, does your NAS supplier have a support line?

I could not find a way to determine remotely the version of smb in use.  If you 
find
out, that would be good to know.


-- 
Fedora Users List - The place to go to speculate endlessly



signature.asc
Description: OpenPGP digital signature
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-14 Thread Patrick O'Callaghan

On Sun, 2018-01-14 at 08:57 -0600, Rex Dieter wrote:
> Patrick O'Callaghan wrote:
> 
> > I have a Samba server running on a NAS, but according to my Windows VM
> > it's running SMB1 and is thus insecure, so Windows won't connect to it.
> > 
> > I've added the line "min protocol = SMB2" to the smb.conf file and
> > restarted the service, but Windows remains unconvinced.
> > 
> > What else do I need to do? Is there an easy way to ping the server
> > (from Linux) and check what protocol it's using? Note that Linux has no
> > problem connecting to the server.
> 
> An excellent question for a samba support forum (and mention what version of 
> samba you're using).
> 
> One option:
> https://lists.samba.org/mailman/listinfo/samba

Sure. I recognise that this isn't a Fedora issue, however I've had some
luck with Samba questions here in the past so I thought I'd check first
in case it's something obvious. Not really interested in becoming a
Samba expert ...

The Samba version is 3.2.15.

poc
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

2018-01-14 Thread Rex Dieter

Patrick O'Callaghan wrote:

> I have a Samba server running on a NAS, but according to my Windows VM
> it's running SMB1 and is thus insecure, so Windows won't connect to it.
> 
> I've added the line "min protocol = SMB2" to the smb.conf file and
> restarted the service, but Windows remains unconvinced.
> 
> What else do I need to do? Is there an easy way to ping the server
> (from Linux) and check what protocol it's using? Note that Linux has no
> problem connecting to the server.

An excellent question for a samba support forum (and mention what version of 
samba you're using).

One option:
https://lists.samba.org/mailman/listinfo/samba

-- Rex
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

Re: Samba version woes

21 matches

Site Navigation

Mail list logo

Footer information