Bug 14322 - Server not accessible when config option "server max protocol = NT1" specified
Summary: Server not accessible when config option "server max protocol = NT1" specified
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.11.7
Hardware: All Linux
: P5 major (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-18 19:24 UTC by Carsten Menke
Modified: 2020-03-31 06:58 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Carsten Menke 2020-03-18 19:24:27 UTC
We recently upgraded from Samba 4.9 to Samba 4.11.7 after upgrading the clients (Windows 7 and Windows 10) failed to access the network shares. We tracked this down that the config option server max protocol = NT1 is responsible for this

After commenting out "server max protocol = NT1" Access works, unfortunately we really need SMB1 support as our main Application doesn't work in SMB2 reliably.

So our only option is to downgrade to 4.9 right now
Comment 1 Jeremy Allison 2020-03-18 19:28:39 UTC
I'm confused. Once you've upgraded the clients, aren't they then using SMB2 to access the server ? Which would explain why they're not accessing the Samba server.

You need to provide more info, network traces etc. showing what is going on here and what you expect before any progress can be made.
Comment 2 Stefan Metzmacher 2020-03-20 12:04:29 UTC
(In reply to Carsten Menke from comment #0)

If you use "server max protocol = NT1", you also need "server min protocol = NT1".
As the default for "server min protocol" changed to "SMB2_02"
and as result your max protocol is lower than min protocol.

But why are you disabling SMB2/3 for modern clients?
Comment 3 Carsten Menke 2020-03-31 06:58:47 UTC
(In reply to Jeremy Allison from comment #1)

This was just not very good described, this is just what we have done in order while maintaining our network. So the problem is not that the clients are not able to speak SMB2 but that the Application running on the clients is an old DBASE Application which really has problems on SMB2.

So what traces do you exactly need? I can provide them

Setting 

server min protocol = NT1 or LANMAN 
server max protocol = NT1

doesn't help I've tested this. Basically you can just put

server min protocol = NT1
server max protocol = NT1

to your smb.conf and then you will not be able to access any shares (tested with Windows 10) so it's simple to reproduce