11.1-U6 SMB share from Win7 not allowed?

[jlpellet]

Folks,
Tonite, I applied the update from 11.1-U5 to 11.1-U6. It worked successfully with no errors but, after booting in U6, trying to access the SMB shares from Win7 fails with an access permission error on the Win7 box. Reverting to U5 restores access from the same system. Nothing seemed obvious comparing the SMB & share setting between U5 & U6. Any ideas/suggestions appreciated? BTW, GUI & telnet access are normal in U6.
Thanks in advance for any help.
John Pellet

System summary:
Build FreeNAS-11.1-U5

Platform Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz

Memory 7842MB

 

[diedrichg]

They changed the min SMB protocol, that's most likely your problem. They also made a handful other SMB fixes along with some AD patches.
https://forums.freenas.org/index.php?posts/475131

 

[jlpellet]

Thanks for the reply. I'll do more checking but my understanding was Win 7 used SMB 2 by default. I deleted the minimum protocol line from /usr/local/etc/smb4.conf & reloaded smb config then Win7 saw the share but the change to smb4.conf did not survive a reboot. I'll look into this further.

 

[jlpellet]

More follow up from further testing.
1. Deleting the smb4.conf min protocol "fixes" the issue until reboot.
2. Have 2 Win7 systems - 1 sees U6 stores without problem, other does not
3. SMB1 disabled on both Win7 systems.
4. Other (Mac/Linux/FreeBSD) systems seem to have no problem.
Now I have to try to figure out what's different in the 2 Win7 configs.
John Pellet

 

[wfiedler]

Because of this change my XenServer 6.5 could not mount the ISO Library anymore.
The diff of the "fix" for issue 40716 suggests, that this is hardcoded, but I hope I am reading this wrong.

Is there a way to configure SMB1 als server min protocol version permanently?
Adding the "server min protocol = SMB1" in the aux parameters as suggested by the issue description does not work. The SMB server refuses to load after this change and displays the following stacktrace:

Code:

Environment:

Software Version: FreeNAS-11.1-U6 (caffd76fa)
Request Method: POST
Request URL: https://storage.fiwnet.local/services/cifs/


Traceback:
File "/usr/local/lib/python3.6/site-packages/django/core/handlers/exception.py" in inner
  42.			 response = get_response(request)
File "/usr/local/lib/python3.6/site-packages/django/core/handlers/base.py" in _legacy_get_response
  249.			 response = self._get_response(request)
File "/usr/local/lib/python3.6/site-packages/django/core/handlers/base.py" in _get_response
  178.			 response = middleware_method(request, callback, callback_args, callback_kwargs)
File "./freenasUI/freeadmin/middleware.py" in process_view
  162.		 return login_required(view_func)(request, *view_args, **view_kwargs)
File "/usr/local/lib/python3.6/site-packages/django/contrib/auth/decorators.py" in _wrapped_view
  23.				 return view_func(request, *args, **kwargs)
File "./freenasUI/services/views.py" in services_cifs
  209.			 form.save()
File "./freenasUI/services/forms.py" in save
  276.				 "cifs", _("The SMB service failed to reload.")

Exception Type: ServiceFailed at /services/cifs/
Exception Value: The SMB service failed to reload.

Thanks
Wolfgang

 

[giox069]

I have the same problem: I have a NAKIVO Backup VM appliance which wants to write to \\freenas\share via SMB. I upgraded FreeNAS to 11.1-U6 and now NAKIVO backup software can no longer access \\freenas\share. So I reverted back to FreeNAS 11.1-U5 and NAKIVO Backup is working fine again. Am I stuck to 11.1-U5 forever?

 

[jlpellet]

As a result of more testing, I found the Win7 workstation failing to resolve the U6 share had ONLY SMB1 started even thought the driver for SMB2 was present. Have no idea why. From some web searches, ran the following 2 commands on the workstation (admin cmd), at which point SMB2 showed up in dependencies of Workstation service. Restarted the Win7 box & all seems well so far. As always, YMMV. John

"To enable back SMB 2.0 for Windows systems that are the “client” systems run the following commands:

sc config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc config mrxsmb20 start= auto

* note there’s an extra ” ” (space) after the “=” sign."

 

[JustinClift]

Just in case it's useful info, if you're using CentOS 7 and were bitten by this too, it's probably just due to the default SMB version (version 1) that the CentOS 7 SMB client uses.

The CentOS 7 SMB client supports later versions (through to SMB 3.0), which you can tell it to use by including "vers=3.0" in your mount arguments (if using the comment line).

 

[anodos]

If you feel up for experimentation, you can use the SMB3 posix extensions if you do the following:

• Use Linux version 4.18+
• Specify mount "vers=3.11"
• Specify new mount option "posix"

 

[jlpellet]

Folks,
This weekend, from another thread, I understand this is addressed in the blog for 11.1-U6, as shown below. This worked for me.

-----
from: https://www.ixsystems.com/blog/library/freenas-11-1-u6/

SMB1 has been disabled by default for security reasons. If legacy clients are no longer able to connect, type this command in the Shell, then restart the SMB service:
sysctl freenas.services.smb.config.server_min_protocol=NT1
If that resolves the issue, you can make that setting permanent by going to System ? Tunables ?Add Tunable and creating a Tunable with these settings:
Variable: freenas.services.smb.config.server_min_protocol
Value: NT1
Type: Sysctl

 

[JustinClift]

Heh Heh Heh. Learn something every day.

When the potential update appeared in the change list on on the GUI, I went looking in the forum for any kind of useful announcement. Nothing there, so guessed it couldn't be too bad.

Turns out there was a blog post about it instead. I'll try to remember that next time. :)

 

[Alister]

Being looking for this as VLC for Android hasn't been update to use anything other than SMB1.

I didn't want to use Plex just for the tablet & phone

 

[Spud]

Folks,
This weekend, from another thread, I understand this is addressed in the blog for 11.1-U6, as shown below. This worked for me.

-----
from: https://www.ixsystems.com/blog/library/freenas-11-1-u6/


sysctl freenas.services.smb.config.server_min_protocol=NT1
Type: Sysctl

ERRR I forgot the restart the SMB service, it works great.

Thanks

 

[russnas]

Folks,
This weekend, from another thread, I understand this is addressed in the blog for 11.1-U6, as shown below. This worked for me.

-----
from: https://www.ixsystems.com/blog/library/freenas-11-1-u6/

SMB1 has been disabled by default for security reasons. If legacy clients are no longer able to connect, type this command in the Shell, then restart the SMB service:
sysctl freenas.services.smb.config.server_min_protocol=NT1
If that resolves the issue, you can make that setting permanent by going to System ? Tunables ?Add Tunable and creating a Tunable with these settings:
Variable: freenas.services.smb.config.server_min_protocol
Value: NT1
Type: Sysctl

Thank you very much
my HP printer couldn't connect and I realised ver1 was disabled for security reasons.