We had failure connecting to NetApp, with SMB3.1.1 dialect. The problem is that for SMB3.1.1 we don't allow the encryption flag to be set, but this is a "SHOULD NOT" not a "MUST NOT" (and NetApp sets it for 3.1.1). The problem is below: libcli/smb/smbXcli_base.c: if (conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION) { tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); return; } See Edgars blog post
Reproduced at test event, and notified NetApp Just need to remove the overly strict check (see above) in smbXcli_base.c
(In reply to Steve French from comment #1) Note that if you set dialect to SMB3.02 it works as expected
Created attachment 13574 [details] proposed patch for fixing Samba client library and tools access to NetApp
https://blogs.msdn.microsoft.com/openspecification/2015/09/09/smb-3-1-1-encryption-in-windows-10/ shows that when SMB3_11 is negotiated, the server *should* not use capabilities to negotiate encryption (it uses contexts), but it isn't a *must* not. So we can mask this off from the conn->smb2.server.capabilities stored on the client side.
Created attachment 13575 [details] git-am fix for master. How about this one instead ?
That looks wrong - unrelated patch to this bug
Created attachment 13584 [details] git-am fix for master. Sorry for the wrong one, this should work.
Found on latest 4.5 with min and max protocol set to their new higher values (and recreated on latest 4.7 which has updated defaults for dialects)
Created attachment 13597 [details] Patch for v4-7-test
Pushed to autobuild-v4-7-test.
Pushed to v4-7-test. Do we want this also for 4.6?
Pushed to v4-7-test.
Closing out bug report. Please feel free to re-open if it should be in 4.6 also.