Re: Fedora Workstation connects using NT1 protocol by default

2017-04-06 Thread Alexander Bokovoy 

On ke, 05 huhti 2017, Chris Murphy wrote:

On Wed, Apr 5, 2017 at 6:14 PM, Chris Murphy  wrote:


Problem is, I can no longer connect through Nautilus from this same
computer and login environment. It doesn't see the server at all in
the GUI. If I comment out this line and reboot (logging out and
logging back in does not fix it), now it's back. I've reproduced this
several times.



https://bugzilla.gnome.org/show_bug.cgi?id=780958

Thanks for filing it.
--
/ Alexander Bokovoy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Fedora Workstation connects using NT1 protocol by default

2017-04-05 Thread Chris Murphy 
On Wed, Apr 5, 2017 at 6:14 PM, Chris Murphy  wrote:

> Problem is, I can no longer connect through Nautilus from this same
> computer and login environment. It doesn't see the server at all in
> the GUI. If I comment out this line and reboot (logging out and
> logging back in does not fix it), now it's back. I've reproduced this
> several times.


https://bugzilla.gnome.org/show_bug.cgi?id=780958



-- 
Chris Murphy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Fedora Workstation connects using NT1 protocol by default

2017-04-05 Thread Chris Murphy 
On Wed, Apr 5, 2017 at 1:38 AM, Alexander Bokovoy  wrote:
> On ti, 04 huhti 2017, Chris Murphy wrote:
>>
>> Hi,
>>
>> Got a Fedora 25 Server using fairly default smb.conf, nothing special,
>> just to share some storage.
>>
>> Three clients: macOS 10.12.4, Fedora 26, and Windows 10
>>
>> On the server, using 'smbstatus' I see the following protocols used
>> for each client when connected:
>>
>> Windows 10: SMB3_11
>> macOS: SMB3_02
>> Fedora 26: NT1
>>
>> This is true whether I use smbclient or Nautilus to make the connection.
>>
>>
>> The smb.conf man page says for "client min protocol" and "client max
>> protocol":
>>
>>   Normally this option should not be set as the automatic
>> negotiation phase in the SMB protocol takes care of choosing the
>> appropriate protocol.
>
> We discussed that some time ago upstream and decided still to keep NT1
> as default. There are still too many servers running with NT1 variant --
> almost all consumer class NAS servers from 5-7 years old don't support
> SMB2 or higher protocols. This is noticeable.

Yeah.


> We can add couple lines explaining how to change defaults in smb.conf
> shipped with Samba.


What's missing, is the connect the dots that the smbclient
specifically is limited to NT1 by default, and therefore
autonegotiation mentioned in the man page does not apply. The only way
to get autonegotiation for the smbclient is to have a local smb.conf


>> client min protocol = SMB2
>> client max protocol = SMB3
>>
>> Both Nautilus and smblient connect with NT1 protocol.
>
> You did not change client side options.

When I add only the line:

client max protocol = SMB3

To the client computer /etc/samba/smb.conf, when I connect using
smbclient, it is an SMB3_11 protocol version connection. That's good.

Problem is, I can no longer connect through Nautilus from this same
computer and login environment. It doesn't see the server at all in
the GUI. If I comment out this line and reboot (logging out and
logging back in does not fix it), now it's back. I've reproduced this
several times.

CURIOUSLY, over on the server, it thinks there's some connection
that's been made by Nautilus, even though Nautilus sees nothing and
reports no errors either in the GUI or in the journal. I'm gonna guess
this is a bug...

Samba version 4.5.6
PID Username GroupMachine
 Protocol Version  Encryption   Signing

15018   nobody   nobody   f26h (ipv4:10.0.0.122:56622)
 SMB3_11   --

Service  pid Machine   Connected at
Encryption   Signing
-
IPC$ 15018   f26h  Wed Apr  5 06:09:13 PM 2017 MDT  -
  -

No locked files






-- 
Chris Murphy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Fedora Workstation connects using NT1 protocol by default

2017-04-05 Thread Alexander Bokovoy 

On ke, 05 huhti 2017, Florian Weimer wrote:

On 04/05/2017 09:38 AM, Alexander Bokovoy wrote:

We discussed that some time ago upstream and decided still to keep NT1
as default. There are still too many servers running with NT1 variant --
almost all consumer class NAS servers from 5-7 years old don't support
SMB2 or higher protocols. This is noticeable.


Do you know how do Windows and Macos deal with this?  Does the 
connection just fail?

Mostly yes. There are many factors at play here, though, including
requirements for signing and others.

Our current defaults:
client max protocol: NT1
client min protocol: CORE
server max protocol: SMB3
server min protocol: LANMAN1

I think we can change 'client max protocol' to SMB3.

However, we also would need to consider the fact that SMB2/3 do not have
Unix Extensions yet, they only work at SMB1 (NT1) level. This affects
those mounting homes with cifs.ko.

--
/ Alexander Bokovoy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Fedora Workstation connects using NT1 protocol by default

2017-04-05 Thread Florian Weimer 

On 04/05/2017 09:38 AM, Alexander Bokovoy wrote:

We discussed that some time ago upstream and decided still to keep NT1
as default. There are still too many servers running with NT1 variant --
almost all consumer class NAS servers from 5-7 years old don't support
SMB2 or higher protocols. This is noticeable.


Do you know how do Windows and Macos deal with this?  Does the 
connection just fail?


Thanks,
Florian
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Fedora Workstation connects using NT1 protocol by default

2017-04-05 Thread Alexander Bokovoy 

On ti, 04 huhti 2017, Chris Murphy wrote:

Hi,

Got a Fedora 25 Server using fairly default smb.conf, nothing special,
just to share some storage.

Three clients: macOS 10.12.4, Fedora 26, and Windows 10

On the server, using 'smbstatus' I see the following protocols used
for each client when connected:

Windows 10: SMB3_11
macOS: SMB3_02
Fedora 26: NT1

This is true whether I use smbclient or Nautilus to make the connection.


The smb.conf man page says for "client min protocol" and "client max protocol":

  Normally this option should not be set as the automatic
negotiation phase in the SMB protocol takes care of choosing the
appropriate protocol.

We discussed that some time ago upstream and decided still to keep NT1
as default. There are still too many servers running with NT1 variant --
almost all consumer class NAS servers from 5-7 years old don't support
SMB2 or higher protocols. This is noticeable.

We can add couple lines explaining how to change defaults in smb.conf
shipped with Samba.



If I do:

server min protocol = SMB2
server max protocol = SMB3

These are _server_ options, not _client_ as above.



Windows and macOS can still connect however:

[chris@f26h ~]$ smbclient //10.0.0.3/brick1
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE

If I comment out the above, and go with:

client min protocol = SMB2
client max protocol = SMB3

Both Nautilus and smblient connect with NT1 protocol.

You did not change client side options.



If I use:

smbclient -m smb3 //10.0.0.3/brick1

I get SMB3_11 protocol connection. So the smbclint *can* do SMB3_11,
it just refuses to autonegotiate it, and even seems to ignore the
server's client and server min directive.

-m option simply sets 'client max protocol' to its value.


I'm not sure how to get Nautilus to use SMB3 or if it even supports
it, or if it's ultimately using smbclient behind the scene.

It is using libsmb library which uses client options from smb.conf

--
/ Alexander Bokovoy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org