Re: Samba version woes
On Tue, 2018-01-16 at 11:13 +1100, Cameron Simpson wrote: > On 15Jan2018 22:57, Patrick O'Callaghanwrote: > > On Tue, 2018-01-16 at 08:17 +1100, Cameron Simpson wrote: > > > Last year we bought an HP Proliant G8. It has a cool cubic form mactor > > > with 4 > > > 3.5" SATA drive bays. And an internal SD slot. We've got 2 8TB WD Red > > > drives in > > > it in RAID1, the OS on the SD card and /home on a 250GB SSD. That leaves > > > 2 more > > > drive bays for expansion/transfer/migration some time. > > > > Nice, though probably overkill for me. > > The proliant itself was pretty cheap, and we wanted the drive bays even > though > we're only using 2 right now. They come in a few flavours. They only have 2 > DIMM slots, so if you want to upgrade the RAM (we did) you have to replace > the > memory it comes with. And if you upgrade the RAM, pay careful attention to > buffered vs unbuffered - we screwed up, to our cost. > > > > Regarding backup for the server, we have a pair of 2TB WD MyPassport USB > > > 3.0 > > > bus powered drives. One stays ion all the time, getting nightly backups. > > > The > > > other lives in a drawer, and we plug it in every so often to update its > > > backup. > > > That gets us nightly backup resolution plus an offline isolated backup in > > > case > > > of the OS getting comprimised, which could lead to the main backup being > > > comprimised. > > > > So you backup 8TB on a 2TB drive? I guess most media server files don't > > really need backing up as you can always get them again. I don't back > > them up myself. > > I'm on the end of a wet piece of string. And our media server is not full. It > will become an issue at some point, but I have a complex plan for that. The downside of knowing about this stuff is that there are so many options :-) It took me ages to decide to move my media off the NAS and onto a larger HDD on my desktop, but it was definitely the right thing to do. Last night I started wondering if I could rip out the drives on the NAS and build one myself using a Raspberry Pi and FreeNAS, so that'll be another maze of twisty little passages, all alike. > [...] > > Thanks for the input. I've now got the NFS+Samba combo working, after > > some head-banging until I figured out the SElinux parameters I needed > > to change (could this *be* more obscure? no meaningful error messages > > in the Samba log until I Googled them and a light dawned). > > On of the features of SELinux is that apps don't know what's wrong. Perfectly > configured permissions etc simply don't work. I can't describe how happy that > makes me. I can understand apps not knowing the problem is SElinux. I can't understand Samba saying: canonicalize_connect_path failed for service WinBackup, path /storage/Backups/Win10 instead of saying 'there was an access problem'. Cheers poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
Allegedly, on or about 15 January 2018, Patrick O'Callaghan sent: > I only have my desktop, but that would be Plan C. The irony is that > I'm using Samba purely because I need a backup for my Windows VM, > which is running on the same desktop. Tangential approach: Can you install a NFS client onto the Windows installation? -- [tim@localhost ~]$ uname -rsvp Linux 4.14.11-200.fc26.x86_64 #1 SMP Wed Jan 3 13:58:53 UTC 2018 x86_64 Boilerplate: All mail to my mailbox is automatically deleted. There is no point trying to privately email me, I only get to see the messages posted to the mailing list. When I write something, take it as meaning exactly what I wrote. Do not interpret it. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
On 15Jan2018 22:57, Patrick O'Callaghanwrote: On Tue, 2018-01-16 at 08:17 +1100, Cameron Simpson wrote: Last year we bought an HP Proliant G8. It has a cool cubic form mactor with 4 3.5" SATA drive bays. And an internal SD slot. We've got 2 8TB WD Red drives in it in RAID1, the OS on the SD card and /home on a 250GB SSD. That leaves 2 more drive bays for expansion/transfer/migration some time. Nice, though probably overkill for me. The proliant itself was pretty cheap, and we wanted the drive bays even though we're only using 2 right now. They come in a few flavours. They only have 2 DIMM slots, so if you want to upgrade the RAM (we did) you have to replace the memory it comes with. And if you upgrade the RAM, pay careful attention to buffered vs unbuffered - we screwed up, to our cost. Regarding backup for the server, we have a pair of 2TB WD MyPassport USB 3.0 bus powered drives. One stays ion all the time, getting nightly backups. The other lives in a drawer, and we plug it in every so often to update its backup. That gets us nightly backup resolution plus an offline isolated backup in case of the OS getting comprimised, which could lead to the main backup being comprimised. So you backup 8TB on a 2TB drive? I guess most media server files don't really need backing up as you can always get them again. I don't back them up myself. I'm on the end of a wet piece of string. And our media server is not full. It will become an issue at some point, but I have a complex plan for that. [...] Thanks for the input. I've now got the NFS+Samba combo working, after some head-banging until I figured out the SElinux parameters I needed to change (could this *be* more obscure? no meaningful error messages in the Samba log until I Googled them and a light dawned). On of the features of SELinux is that apps don't know what's wrong. Perfectly configured permissions etc simply don't work. I can't describe how happy that makes me. Cheers, Cameron Simpson (formerly c...@zip.com.au) ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
On Tue, 2018-01-16 at 08:17 +1100, Cameron Simpson wrote: > Last year we bought an HP Proliant G8. It has a cool cubic form mactor with 4 > 3.5" SATA drive bays. And an internal SD slot. We've got 2 8TB WD Red drives > in > it in RAID1, the OS on the SD card and /home on a 250GB SSD. That leaves 2 > more > drive bays for expansion/transfer/migration some time. Nice, though probably overkill for me. > Regarding backup for the server, we have a pair of 2TB WD MyPassport USB 3.0 > bus powered drives. One stays ion all the time, getting nightly backups. The > other lives in a drawer, and we plug it in every so often to update its > backup. > That gets us nightly backup resolution plus an offline isolated backup in > case > of the OS getting comprimised, which could lead to the main backup being > comprimised. So you backup 8TB on a 2TB drive? I guess most media server files don't really need backing up as you can always get them again. I don't back them up myself. > My personal laptop is a Mac, backuped with TimeMachine to a WD MyPassport, > which also lives in a drawer for the same reason. > > Why RAID1 in the server? For rescue: either drive from a RIAD1 pair can just > be > plugged into another machine and used standalone for recovery etc - just hand > mount things. RAID5 would use more drive slots (the G8 has 4) and be more > painful in a disaster. Yes, RAID1 saved me twice when those Seagates failed, luckily not both at once. Thanks for the input. I've now got the NFS+Samba combo working, after some head-banging until I figured out the SElinux parameters I needed to change (could this *be* more obscure? no meaningful error messages in the Samba log until I Googled them and a light dawned). poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
On 15Jan2018 12:01, Patrick O'Callaghanwrote: On Mon, 2018-01-15 at 11:07 +1100, Cameron Simpson wrote: On 14Jan2018 23:25, Patrick O'Callaghan wrote: > On further study, I strongly suspect my mods to the config file are > being overwritten on reboot. Apparently the NAS has firmware that > restores basic stuff from a read-only partition on booting. Does it have a persistent rc.local or cron (thinking @reboot here)? We've got a PVR with that kind of behaviour (custom hacks vanishing on reboot). It's sneakier than that. Much of the root filesystem, including the directory where the default apps live, is read-only. I've tried remounting rw as a loopback to make changes but haven't quite got it right yet. Something else seems to be going on. Yay. As a final suggestion, have you got a home linux server that's always on? If you get nowhere with Samba on the NAS, there's always NFS from the NAS to your server, then Samba from there. That way you'd have control over the Samba software. I only have my desktop, but that would be Plan C. The irony is that I'm using Samba purely because I need a backup for my Windows VM, which is running on the same desktop. Plan B is to jigger Windows 10 to accept SMB1 as it used to before the recent updates. I'm aware of the risks but apparently it's possible. Plan D is to junk the thing and loot it for the drives (I've already replaced the original Seagates, both of which failed, with two decent 1TB WD units). Realistically I don't think I need a NAS any more. It used to be my media server but got too slow for that so now it's just a backup server. I might just stick the drives in my main machine in a RAID format and keep using them for backup. Yeah, we went that way. We were using a WD Live drive as our media server and had a tiny cheap machine as the home server (email, DNS, etc). Our PVR is Linux and NFS mounts the media server so we've got one main playback device. Like your NAS, both the WD Live and the tiny server were underpowered. Last year we bought an HP Proliant G8. It has a cool cubic form mactor with 4 3.5" SATA drive bays. And an internal SD slot. We've got 2 8TB WD Red drives in it in RAID1, the OS on the SD card and /home on a 250GB SSD. That leaves 2 more drive bays for expansion/transfer/migration some time. Regarding backup for the server, we have a pair of 2TB WD MyPassport USB 3.0 bus powered drives. One stays ion all the time, getting nightly backups. The other lives in a drawer, and we plug it in every so often to update its backup. That gets us nightly backup resolution plus an offline isolated backup in case of the OS getting comprimised, which could lead to the main backup being comprimised. My personal laptop is a Mac, backuped with TimeMachine to a WD MyPassport, which also lives in a drawer for the same reason. Why RAID1 in the server? For rescue: either drive from a RIAD1 pair can just be plugged into another machine and used standalone for recovery etc - just hand mount things. RAID5 would use more drive slots (the G8 has 4) and be more painful in a disaster. Cheers, Cameron Simpson (formerly c...@zip.com.au) ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
On Sun, 2018-01-14 at 20:52 -0500, Bill Shirley wrote: > Does your NAS configuration have a GUI front-end? Perhaps it has a Samba > config template that it applies the GUI changes to to create the actual > smb.conf. It does have a GUI, but the Samba options are extremely limited. > Do you have shell access? Does it have the 'locate' command so that you can > find this template and change it? Yes, but the template is restored from a read-only partition on boot. > Does it have cron running so that you could run 'patch' to apply your changes > to the working smb.conf? It does have 'cron'. I'll take a look at that, thanks (assuming it lets me changes the crontab). poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
On Mon, 2018-01-15 at 11:07 +1100, Cameron Simpson wrote: > On 14Jan2018 23:25, Patrick O'Callaghanwrote: > > On further study, I strongly suspect my mods to the config file are > > being overwritten on reboot. Apparently the NAS has firmware that > > restores basic stuff from a read-only partition on booting. > > Does it have a persistent rc.local or cron (thinking @reboot here)? We've got > a > PVR with that kind of behaviour (custom hacks vanishing on reboot). It's sneakier than that. Much of the root filesystem, including the directory where the default apps live, is read-only. I've tried remounting rw as a loopback to make changes but haven't quite got it right yet. Something else seems to be going on. > > This will > > require some hackery to sort out, but doesn't seem to be anything > > directly related to Samba (nor to Fedora of course), so I won't pursue > > it here for now. > > > > Thanks to everyone who tried to help. > > As a final suggestion, have you got a home linux server that's always on? If > you get nowhere with Samba on the NAS, there's always NFS from the NAS to > your > server, then Samba from there. That way you'd have control over the Samba > software. I only have my desktop, but that would be Plan C. The irony is that I'm using Samba purely because I need a backup for my Windows VM, which is running on the same desktop. Plan B is to jigger Windows 10 to accept SMB1 as it used to before the recent updates. I'm aware of the risks but apparently it's possible. Plan D is to junk the thing and loot it for the drives (I've already replaced the original Seagates, both of which failed, with two decent 1TB WD units). Realistically I don't think I need a NAS any more. It used to be my media server but got too slow for that so now it's just a backup server. I might just stick the drives in my main machine in a RAID format and keep using them for backup. poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
Does your NAS configuration have a GUI front-end? Perhaps it has a Samba config template that it applies the GUI changes to to create the actual smb.conf. Do you have shell access? Does it have the 'locate' command so that you can find this template and change it? Does it have cron running so that you could run 'patch' to apply your changes to the working smb.conf? Bill On 1/14/2018 6:25 PM, Patrick O'Callaghan wrote: On Sun, 2018-01-14 at 11:35 -0800, Gordon Messmer wrote: On 01/14/2018 09:40 AM, Patrick O'Callaghan wrote: I get: PORTSTATE SERVICE 445/tcp open microsoft-ds Host script results: | smb-protocols: | dialects: |_NT LM 0.12 (SMBv1) [dangerous, but default] So clearly the config option isn't being used, or doesn't do what I thought it did. I'll investigate further. I believe what you're seeing is the auth protocol, while the option you're setting is for the general protocol. I don't have a samba 3 server to check anymore, but I think you want to set "lanman auth = no" and "ntlm auth = no", which should leave you with NTLMv2 with SPNEGO. Thanks, but that didn't work either. On further study, I strongly suspect my mods to the config file are being overwritten on reboot. Apparently the NAS has firmware that restores basic stuff from a read-only partition on booting. This will require some hackery to sort out, but doesn't seem to be anything directly related to Samba (nor to Fedora of course), so I won't pursue it here for now. Thanks to everyone who tried to help. poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
On 14Jan2018 23:25, Patrick O'Callaghanwrote: On further study, I strongly suspect my mods to the config file are being overwritten on reboot. Apparently the NAS has firmware that restores basic stuff from a read-only partition on booting. Does it have a persistent rc.local or cron (thinking @reboot here)? We've got a PVR with that kind of behaviour (custom hacks vanishing on reboot). This will require some hackery to sort out, but doesn't seem to be anything directly related to Samba (nor to Fedora of course), so I won't pursue it here for now. Thanks to everyone who tried to help. As a final suggestion, have you got a home linux server that's always on? If you get nowhere with Samba on the NAS, there's always NFS from the NAS to your server, then Samba from there. That way you'd have control over the Samba software. Cheers, Cameron Simpson ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
On Sun, 2018-01-14 at 11:35 -0800, Gordon Messmer wrote: > On 01/14/2018 09:40 AM, Patrick O'Callaghan wrote: > > I get: > > PORTSTATE SERVICE > > 445/tcp open microsoft-ds > > Host script results: > > | smb-protocols: > > | dialects: > > |_NT LM 0.12 (SMBv1) [dangerous, but default] > > > > So clearly the config option isn't being used, or doesn't do what I > > thought it did. I'll investigate further. > > I believe what you're seeing is the auth protocol, while the option > you're setting is for the general protocol. I don't have a samba 3 > server to check anymore, but I think you want to set "lanman auth = no" > and "ntlm auth = no", which should leave you with NTLMv2 with SPNEGO. Thanks, but that didn't work either. On further study, I strongly suspect my mods to the config file are being overwritten on reboot. Apparently the NAS has firmware that restores basic stuff from a read-only partition on booting. This will require some hackery to sort out, but doesn't seem to be anything directly related to Samba (nor to Fedora of course), so I won't pursue it here for now. Thanks to everyone who tried to help. poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
On 01/14/2018 09:40 AM, Patrick O'Callaghan wrote: I get: PORTSTATE SERVICE 445/tcp open microsoft-ds Host script results: | smb-protocols: | dialects: |_NT LM 0.12 (SMBv1) [dangerous, but default] So clearly the config option isn't being used, or doesn't do what I thought it did. I'll investigate further. I believe what you're seeing is the auth protocol, while the option you're setting is for the general protocol. I don't have a samba 3 server to check anymore, but I think you want to set "lanman auth = no" and "ntlm auth = no", which should leave you with NTLMv2 with SPNEGO. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
On Sun, 2018-01-14 at 23:12 +0800, Ed Greshko wrote: > On 01/14/18 21:51, Patrick O'Callaghan wrote: > > I have a Samba server running on a NAS, but according to my Windows VM > > it's running SMB1 and is thus insecure, so Windows won't connect to it. > > > > I've added the line "min protocol = SMB2" to the smb.conf file and > > restarted the service, but Windows remains unconvinced. > > > > What else do I need to do? Is there an easy way to ping the server > > (from Linux) and check what protocol it's using? Note that Linux has no > > problem connecting to the server. > > > > Who is your NAS supplier? > > Maybe try adding > > min protocol=SMB2 > max protocol=SMB3 > > and restarting the service on your NAS? > > If that doesn't work, does your NAS supplier have a support line? Not in any meaningful way. It's an old Iomega unit I've had for about 8 or 9 years, running an obsolete version of Debian. The Samba version is one I updated myself from a repo that attempts to keep more recent versions of software than the manufacturer supplies. It's almost certain that this is down to getting the config right, so I'll try Rex's suggestion and ask on the Samba list. > I could not find a way to determine remotely the version of smb in use. If > you find > out, that would be good to know. I know what it is because I can log into the NAS. I don't really care as long as I can make it default to protocol version 2 or higher. poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
On Sun, 2018-01-14 at 23:16 +0800, Ed Greshko wrote: > On 01/14/18 23:11, Patrick O'Callaghan wrote: > > On Sun, 2018-01-14 at 08:57 -0600, Rex Dieter wrote: > > > Patrick O'Callaghan wrote: > > > > > > > I have a Samba server running on a NAS, but according to my Windows VM > > > > it's running SMB1 and is thus insecure, so Windows won't connect to it. > > > > > > > > I've added the line "min protocol = SMB2" to the smb.conf file and > > > > restarted the service, but Windows remains unconvinced. > > > > > > > > What else do I need to do? Is there an easy way to ping the server > > > > (from Linux) and check what protocol it's using? Note that Linux has no > > > > problem connecting to the server. > > > > > > An excellent question for a samba support forum (and mention what version > > > of > > > samba you're using). > > > > > > One option: > > > https://lists.samba.org/mailman/listinfo/samba > > > > Sure. I recognise that this isn't a Fedora issue, however I've had some > > luck with Samba questions here in the past so I thought I'd check first > > in case it's something obvious. Not really interested in becoming a > > Samba expert ... > > > > The Samba version is 3.2.15. > > > > OK > > I found the way to list the versions being offered by a remote service. > > nmap -p445 --script smb-protocols > > Example, for my NAS > > [root@meimei ~]# nmap -p445 --script smb-protocols ds > [...] I get: PORTSTATE SERVICE 445/tcp open microsoft-ds Host script results: | smb-protocols: | dialects: |_NT LM 0.12 (SMBv1) [dangerous, but default] So clearly the config option isn't being used, or doesn't do what I thought it did. I'll investigate further. poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
On 01/14/18 23:19, Rex Dieter wrote: > Ed Greshko wrote: > >> On 01/14/18 21:51, Patrick O'Callaghan wrote: >>> I have a Samba server running on a NAS, but according to my Windows VM >>> it's running SMB1 and is thus insecure, so Windows won't connect to it. >>> >>> I've added the line "min protocol = SMB2" to the smb.conf file and >>> restarted the service, but Windows remains unconvinced. >>> >>> What else do I need to do? Is there an easy way to ping the server >>> (from Linux) and check what protocol it's using? Note that Linux has no >>> problem connecting to the server. >>> >> Who is your NAS supplier? >> >> Maybe try adding >> >> min protocol=SMB2 >> max protocol=SMB3 > ^^ One example of ill-advised suggestion. SMB2 does not do what you think > it does. :-/ (it's non-obvious, but doesn't work in most cases) > OK, fine. But my later post about what nmap reports shows my NAS offering only 2.X and 3.X protocols. So, maybe even if it is ill-advised, it is doing the needful thing on my Synology NAS? -- Fedora Users List - The place to go to speculate endlessly signature.asc Description: OpenPGP digital signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
On Sun, 14 Jan 2018 15:11:51 + Patrick O'Callaghan wrote: > The Samba version is 3.2.15. Perhaps that is the problem. My fedora 27 box is running samba-4.7.4-0.fc27.x86_64 and my windows 10 virtual machine mounts a samba provided share with no complaints. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
Ed Greshko wrote: > On 01/14/18 21:51, Patrick O'Callaghan wrote: >> I have a Samba server running on a NAS, but according to my Windows VM >> it's running SMB1 and is thus insecure, so Windows won't connect to it. >> >> I've added the line "min protocol = SMB2" to the smb.conf file and >> restarted the service, but Windows remains unconvinced. >> >> What else do I need to do? Is there an easy way to ping the server >> (from Linux) and check what protocol it's using? Note that Linux has no >> problem connecting to the server. >> > > Who is your NAS supplier? > > Maybe try adding > > min protocol=SMB2 > max protocol=SMB3 ^^ One example of ill-advised suggestion. SMB2 does not do what you think it does. :-/ (it's non-obvious, but doesn't work in most cases) -- Rex ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
Patrick O'Callaghan wrote: > On Sun, 2018-01-14 at 08:57 -0600, Rex Dieter wrote: >> Patrick O'Callaghan wrote: >> >> > I have a Samba server running on a NAS, but according to my Windows VM >> > it's running SMB1 and is thus insecure, so Windows won't connect to it. >> > >> > I've added the line "min protocol = SMB2" to the smb.conf file and >> > restarted the service, but Windows remains unconvinced. >> > >> > What else do I need to do? Is there an easy way to ping the server >> > (from Linux) and check what protocol it's using? Note that Linux has no >> > problem connecting to the server. >> >> An excellent question for a samba support forum (and mention what version >> of samba you're using). >> >> One option: >> https://lists.samba.org/mailman/listinfo/samba > > Sure. I recognise that this isn't a Fedora issue, however I've had some > luck with Samba questions here in the past so I thought I'd check first > in case it's something obvious. Not really interested in becoming a > Samba expert ... Understood. Maybe I should have mentioned it before, but I've seen a fair amount of misleading or outright wrong advice wrt to this issue on blogs and forums... which is why I suggested to go straight to the best source of authoritative information. -- Rex ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
On 01/14/18 23:11, Patrick O'Callaghan wrote: > On Sun, 2018-01-14 at 08:57 -0600, Rex Dieter wrote: >> Patrick O'Callaghan wrote: >> >>> I have a Samba server running on a NAS, but according to my Windows VM >>> it's running SMB1 and is thus insecure, so Windows won't connect to it. >>> >>> I've added the line "min protocol = SMB2" to the smb.conf file and >>> restarted the service, but Windows remains unconvinced. >>> >>> What else do I need to do? Is there an easy way to ping the server >>> (from Linux) and check what protocol it's using? Note that Linux has no >>> problem connecting to the server. >> An excellent question for a samba support forum (and mention what version of >> samba you're using). >> >> One option: >> https://lists.samba.org/mailman/listinfo/samba > Sure. I recognise that this isn't a Fedora issue, however I've had some > luck with Samba questions here in the past so I thought I'd check first > in case it's something obvious. Not really interested in becoming a > Samba expert ... > > The Samba version is 3.2.15. > OK I found the way to list the versions being offered by a remote service. nmap -p445 --script smb-protocols Example, for my NAS [root@meimei ~]# nmap -p445 --script smb-protocols ds Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-14 23:14 CST Nmap scan report for ds (192.168.1.152) Host is up (0.00027s latency). PORT STATE SERVICE 445/tcp open microsoft-ds MAC Address: 00:11:32:2A:64:E2 (Synology Incorporated) Host script results: | smb-protocols: | dialects: | 2.02 | 2.10 | 3.00 | 3.02 |_ 3.11 -- Fedora Users List - The place to go to speculate endlessly signature.asc Description: OpenPGP digital signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
On 01/14/18 21:51, Patrick O'Callaghan wrote: > I have a Samba server running on a NAS, but according to my Windows VM > it's running SMB1 and is thus insecure, so Windows won't connect to it. > > I've added the line "min protocol = SMB2" to the smb.conf file and > restarted the service, but Windows remains unconvinced. > > What else do I need to do? Is there an easy way to ping the server > (from Linux) and check what protocol it's using? Note that Linux has no > problem connecting to the server. > Who is your NAS supplier? Maybe try adding min protocol=SMB2 max protocol=SMB3 and restarting the service on your NAS? If that doesn't work, does your NAS supplier have a support line? I could not find a way to determine remotely the version of smb in use. If you find out, that would be good to know. -- Fedora Users List - The place to go to speculate endlessly signature.asc Description: OpenPGP digital signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
On Sun, 2018-01-14 at 08:57 -0600, Rex Dieter wrote: > Patrick O'Callaghan wrote: > > > I have a Samba server running on a NAS, but according to my Windows VM > > it's running SMB1 and is thus insecure, so Windows won't connect to it. > > > > I've added the line "min protocol = SMB2" to the smb.conf file and > > restarted the service, but Windows remains unconvinced. > > > > What else do I need to do? Is there an easy way to ping the server > > (from Linux) and check what protocol it's using? Note that Linux has no > > problem connecting to the server. > > An excellent question for a samba support forum (and mention what version of > samba you're using). > > One option: > https://lists.samba.org/mailman/listinfo/samba Sure. I recognise that this isn't a Fedora issue, however I've had some luck with Samba questions here in the past so I thought I'd check first in case it's something obvious. Not really interested in becoming a Samba expert ... The Samba version is 3.2.15. poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Samba version woes
Patrick O'Callaghan wrote: > I have a Samba server running on a NAS, but according to my Windows VM > it's running SMB1 and is thus insecure, so Windows won't connect to it. > > I've added the line "min protocol = SMB2" to the smb.conf file and > restarted the service, but Windows remains unconvinced. > > What else do I need to do? Is there an easy way to ping the server > (from Linux) and check what protocol it's using? Note that Linux has no > problem connecting to the server. An excellent question for a samba support forum (and mention what version of samba you're using). One option: https://lists.samba.org/mailman/listinfo/samba -- Rex ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org