Ubuntu
samba package

samba client negotiates down to NT1 instead of up to SMB3_11, doesn't happen with Windows 10 client

Bug #1598463 reported by penalvch
38
This bug affects 7 people
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Clients: Windows 10 Pro 64-bit, Ubuntu 16.04

Client and server samba version:
apt policy samba
samba:
  Installed: 2:4.3.9+dfsg-0ubuntu0.16.04.2
  Candidate: 2:4.3.9+dfsg-0ubuntu0.16.04.2
  Version table:
 *** 2:4.3.9+dfsg-0ubuntu0.16.04.2 500
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2:4.3.8+dfsg-0ubuntu1 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

What is expected to happen is by default if one makes a connection via Ubuntu 16.04 using Nautilus or smbclient to Ubuntu 16.04 samba server, it automatically negotiates to the highest protocol available from the samba server (SMB3_11), just like it does when connecting from a Windows 10 client.

What happens instead is via Nautilus or smbclient it consistently negotiates to NT1, making the share useless from a speed perspective when connecting over ethernet or 802.11ac.

From the client:
$ smbclient //192.168.0.107/share

On the server:
$ sudo smbstatus

Samba version 4.3.9-Ubuntu
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
3970 moniker moniker 192.168.0.101 (ipv4:192.168.0.101:49966) NT1

Service pid machine Connected at
-------------------------------------------------------
share 3970 192.168.0.101 Sat Jul 2 11:09:09 2016

No locked files

However, if I modify the smbclient as follows it does negotiate to SMB3_11:
smbclient //192.168.0.107/share -m SMB3_11

From the server:
sudo smbstatus

Samba version 4.3.9-Ubuntu
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
3980 moniker moniker 192.168.0.101 (ipv4:192.168.0.101:49968) Unknown (0x0311)

Service pid machine Connected at
-------------------------------------------------------
share 3980 192.168.0.101 Sat Jul 2 11:10:34 2016

No locked files

From the server:
$ smbclient -L localhost
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.3.9-Ubuntu]

 Sharename Type Comment
 --------- ---- -------
 print$ Disk Printer Drivers
 IPC$ IPC IPC Service (pc server (Samba, Ubuntu))
 share Disk
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.3.9-Ubuntu]

 Server Comment
 --------- -------
 PC pc server (Samba, Ubuntu)

 Workgroup Master
 --------- -------
 WORKGROUP

The smb.conf file is default with a handful of changes below, not relating to protocol (removing them doesn't change anything). Also, declaring min protocol to be SMB3 causes the share not to be visible by Nautilus:
[global]
encrypt passwords = true
server signing = mandatory
inherit acls = yes
inherit owner = yes
inherit permissions = yes

[share]
path = /home/moniker/Desktop/share
read only = no
guest ok = yes
writeable = yes
browseable = yes

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: samba 2:4.3.9+dfsg-0ubuntu0.16.04.2
ProcVersionSignature: Ubuntu 4.4.0-28.47-generic 4.4.13
Uname: Linux 4.4.0-28-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: GNOME-Flashback:Unity
Date: Sat Jul 2 11:05:33 2016
InstallationDate: Installed on 2015-12-18 (196 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
SambaClientRegression: No
SourcePackage: samba
UpgradeStatus: Upgraded to xenial on 2016-01-20 (164 days ago)

Revision history for this message
penalvch (penalvch) wrote :
Revision history for this message
Stefan Metzmacher (metze) wrote :

client max protocol = SMB3_11 may help, but that's not the default as not everything is completely
working (on the client side) in this mode.

Revision history for this message
penalvch (penalvch) wrote :

I'm using Zesty, which speaks at 3.1.1 dialect with Windows 10.

Changed in samba (Ubuntu):
status: Triaged → Invalid
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Upstream is slowly changing its default regarding the protocol. Just today I saw a patch in the ML changing the CIFS default from SMB1 to SMB3, and a few weeks ago a bunch of test changes were landing also as a result of changing protocol versions. We are getting there.

Revision history for this message
Julian Alarcon (julian-alarcon) wrote :

It shouldn't be marked as invalid. I can't access Shared Folders of Windows 10 using Ubuntu 17.10 on Nautilus, I found a workaround, use option -m SMB3 (I have to change smb.conf).

julian@e01a27166:/var/log/samba$ smbclient -L //10.80.35.54 -U julian.alarcon -m SMB1
WARNING: Ignoring invalid value 'SMB1' for parameter 'client max protocol'
WARNING: The "syslog" option is deprecated
Enter julian.alarcon's password:
protocol negotiation failed: NT_STATUS_CONNECTION_RESET

julian@e01a27166:/var/log/samba$ smbclient -L //10.80.35.54 -U julian.alarcon -m SMB3
WARNING: The "syslog" option is deprecated
Enter julian.alarcon's password:
Domain=[CARACOL] OS=[] Server=[]

 Sharename Type Comment
 --------- ---- -------
 ADMIN$ Disk Remote Admin
 C$ Disk Default share
 CARACOL Disk
 Downloads Disk
 IPC$ IPC Remote IPC
 Registro Disk
Connection to 10.80.35.54 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
NetBIOS over TCP disabled -- no workgroup available

Workaround:

Edit /etc/samba/smb.conf
Add this line in [global] section:

   client max protocol = SMB3

Then restart Samba services with:

sudo systemctl restart smbd
sudo systemctl restart nmbd

Now I can connect to shared folder in Windows 10 from Nautilus (Ubuntu 17.10)

Changed in samba (Ubuntu):
status: Invalid → Confirmed
Revision history for this message
Julian Alarcon (julian-alarcon) wrote :

Ok, I check and the Windows 10 client have disabled the SMBv1 protocol.

But the next version of Windows Server will disable it by default:
https://support.microsoft.com/en-au/help/4034314/smbv1-is-not-installed-by-default-in-windows-10-rs3-and-windows-server

*---*
- Windows 10 Enterprise and Windows 10 Education no longer contain the SMBv1 client or server by default after a clean installation.
- Windows Server 2016 no longer contains the SMBv1 client or server by default after a clean installation.
- Windows 10 Home and Windows 10 Professional no longer contain the SMBv1 server by default after a clean installation.
- Windows 10 Home and Windows 10 Professional still contain the SMBv1 client by default after a clean installation. If the SMBv1 client is not used for some time, it automatically uninstalls itself.
*---*

Revision history for this message
penalvch (penalvch) wrote :

Julian Alarcon, this report is scoped only to not getting maximum negotiation upon a successful connection, not your problem of it won't connect at all.

However, given the security implications of using NT1, the original premise of this report isn't valid, and is no longer of use to me as the original reporter.

Hence, if you have a problem file a new report (not status toggle this one).

Changed in samba (Ubuntu):
status: Confirmed → Invalid
importance: High → Undecided
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.