SOLVED Changes in SMB for 11.1U5 to 11.1U6?

[Steffen K.]

I have two old machines here running on Windows XP. These are dumb data loggers that basically just save CSV files to a SMB share on a Freenas server from time to time.

This has worked flawlessly up to 11.1U5. When updating to 11.1U6 on Wednesday they both didn't even see the share itself anymore. So right now I'm using the 11.1U5 environment again.

What has changed here? No more SMB1 by default? And if yes how can I enable it again?

 

[inf3rn0e]

I just upgraded also and I'm fairly positive I saw a message or warning for SMB1 during FreeNAS boot, iirc regarding a configuration. I'll restart and see if I can catch it. I grepped through everything in /var/log and didn't see anything logged recently for SMB. I'll let you know if I catch it while rebooting.

 

[inf3rn0e]

Here's the single line I saw toward the end of the boot process on my install regarding smb4.conf, I guess I didn't see SMB1 specifically. I've yet to check to see if SMB is working or not from a windows box but that's next (the service is running however). I'll let that be a me problem for now because I don't know if it's related to the issue you're having or not. :)

Code:

...
Can't load /usr/local/etc/smb4.conf - run testparm to debug it
Performing sanity check on Samba configuration: OK
Starting nmbd.
Starting smdb.
...

However, I just found [1] that you may be able to do the following. Go into your SMB configuration and try pasting the following into the "Auxiliary Parameters" field. Doing so will add that parameter to the SMB.conf.

Code:

min protocol = SMB1

[1] - https://www.reddit.com/r/freenas/comments/7n8c9a/freenas_111_where_is_the_smb_minimum_protocol/

 

[inf3rn0e]

Here's the single line I saw toward the end of the boot process on my install regarding smb4.conf, I guess I didn't see SMB1 specifically. I've yet to check to see if SMB is working or not from a windows box but that's next (the service is running however). I'll let that be a me problem for now because I don't know if it's related to the issue you're having or not. :)

File sharing still working as expected from a Windows 10 client, I don't have an XP machine to test SMB1, but I hope my mentioning of that SMB minimum protocol version config option helps. Make sure to restart the SMB service after adding that option.

 

[MrToddsFriends]

And if yes how can I enable it again?

https://www.ixsystems.com/blog/library/freenas-11-1-u6/

 

[KrisBee]

I just upgraded also and I'm fairly positive I saw a message or warning for SMB1 during FreeNAS boot, iirc regarding a configuration. I'll restart and see if I can catch it. I grepped through everything in /var/log and didn't see anything logged recently for SMB. I'll let you know if I catch it while rebooting.

FYI, no need to restart as these things should be noted in the associated changelog, e.g:
https://download.freenas.org/11/11.1-U6/ChangeLog which includes:
40716 Disable SMB1 by default

It's always worth reviewing the changelog to avoid obvious gothcas when upgrading versions.

 

[anodos]

The server min protocol is also controlled by a sysctl on FreeNAS.
freenas.services.smb.config.server_min_protocol

So you can run the command sysctl freenas.services.smb.config.server_min_protocol=NT1 to temporarily lower the value of the server minimum protocol to SMB1. If this fixes your problem, then you can make it permanent by adding the sysctl under System->Tunables:

Variable = freenas.services.smb.config.server_min_protocol
Value = NT1
Type = Sysctl
Comment = "whatever you want"


NOTE: once you change this value you should toggle the "on" / "off" button in the UI for services->SMB or regenerate the smb4.conf file python /usr/local/libexec/nas/generate_smb4_conf.py

 

[kooper2015]

DANG! That helped (XP won't see shares, as it only supports SMB1).

I did see this in the release notes of 11.1U6, but I did not expect that turning off SMB1 ('by default') could affect EXISTING configurations! Previously installed 11.1U5 worked.

Dropping support for SMB1 is an AWFUL change. Either this was a concious decision by the devs (then a warning for SMB1 users would have been REQUIRED in the release notes) or nobody thought about that. New users will be lost (OK, there are not too many using SMB1). Shame anyway, imho.

Thanks, anodos!

 

[mikesm]

DANG! That helped (XP won't see shares, as it only supports SMB1).

I did see this in the release notes of 11.1U6, but I did not expect that turning off SMB1 ('by default') could affect EXISTING configurations! Previously installed 11.1U5 worked.

Dropping support for SMB1 is an AWFUL change. Either this was a concious decision by the devs (then a warning for SMB1 users would have been REQUIRED in the release notes) or nobody thought about that. New users will be lost (OK, there are not too many using SMB1). Shame anyway, imho.

Thanks, anodos!

Windows XP is no longer supported by Microsoft, and is really pretty unsafe to run. If deprecating SMB1 helps to get rid of windows XP in the field, that's probably a good thing.

You really should be upgrading from XP for reasons beyond Freenas...

thx
mike

 

[userseven]

I don't care about Windows XP, but this impacts a lot of android+ios devices and kodi boxes, and in situations that you would hardly call "legacy" (like clowns still rocking Windows XP and have the gall to expect a seamless networking experience). Personally I don't feel the need to ramp up security on my NAS, if feces hit the fan and the samba version on my NAS is the last line of defense then I'm an idiot anyway and I SHOULD get my movies encrypted. ;)
Anyway, the tunable fix worked for me, so kudos for that, who wants to join me at a session of high fives and wannacryes?

 

[olly86]

Adding the Tunables fixed Sonos' connection issues for me, it also requires SMBv1. This was a badly thought out change, there's so much stuff still relying on the obsolete protocol.

 

[Asday]

I don't care about Windows XP, but this impacts a lot of android+ios devices and kodi boxes, and in situations that you would hardly call "legacy" (like clowns still rocking Windows XP and have the gall to expect a seamless networking experience). Personally I don't feel the need to ramp up security on my NAS, if feces hit the fan and the samba version on my NAS is the last line of defense then I'm an idiot anyway and I SHOULD get my movies encrypted. ;)
Anyway, the tunable fix worked for me, so kudos for that, who wants to join me at a session of high fives and wannacryes?

This guy gets it. Updated to U6 last night and come lunch time today, I needed to spend it troubleshooting my NAS, instead of using it to watch stupid anime. I read the patch notes provided in the webUI, and nothing in there jumped out at me as a "WE ARE GOING TO BREAK YOUR SAMBA" warning.

I also wouldn't really call Linux Mint 18 "legacy". :/

 

[TombR]

The server min protocol is also controlled by a sysctl on FreeNAS.
freenas.services.smb.config.server_min_protocol

So you can run the command freenas.services.smb.config.server_min_protocol=NT1 to temporarily lower the value of the server minimum protocol to SMB1. If this fixes your problem, then you can make it permanent by adding the sysctl under System->Tunables:

Variable = freenas.services.smb.config.server_min_protocol
Value = NT1
Type = Sysctl
Comment = "whatever you want"


NOTE: once you change this value you should toggle the "on" / "off" button in the UI for services->SMB or regenerate the smb4.conf file python /usr/local/libexec/nas/generate_smb4_conf.py

Thanks, it's very usefull :) it's wofking for me :) Thank You.

 

[NatGarrison]

I have an old Windows 2003 Server that no longer connects and also I have a Ricoh Scanner/Printer/Copies that no longer connects when trying to do a scan after installing the 11.1U6 update. I'm going to take it back to 11.1U5

 

[anodos]

I have an old Windows 2003 Server that no longer connects and also I have a Ricoh Scanner/Printer/Copies that no longer connects when trying to do a scan after installing the 11.1U6 update. I'm going to take it back to 11.1U5

You can re-enable SMB1 support per the steps I listed above.

 

[Steffen K.]

Adding the tunable also worked for me.

Windows XP is no longer supported by Microsoft, and is really pretty unsafe to run.

How could Windows XP basically running only "Hello, World!" without any real network connections be unsafe these days?

 

[Chris Moore]

SMB1 is vulnerable to hacks that are well known and the protocol should not be used any more. A device that can only use SMB1 is vulnerable to be compromised and should be upgraded. If it is not upgradeable, it should be replaced.

Sent from my SAMSUNG-SGH-I537 using Tapatalk

 

[Chris Moore]

PS. This is not a bad thing, it is overdue.

Sent from my SAMSUNG-SGH-I537 using Tapatalk

 

[avalon60]

When I do:
[root@freenas ~]# freenas.services.smb.config.server_min_protocol=NT1

it returns this:
bash: freenas.services.smb.config.server_min_protocol=NT1: command not found
[root@freenas ~]#

Is there anything else I can do

 

[Chris Moore]

When I do:
[root@freenas ~]# freenas.services.smb.config.server_min_protocol=NT1

it returns this:
bash: freenas.services.smb.config.server_min_protocol=NT1: command not found
[root@freenas ~]#

Is there anything else I can do

You missed part of the command.

sysctl freenas.services.smb.config.server_min_protocol=NT1


Sent from my SAMSUNG-SGH-I537 using Tapatalk