SOLVED Changes in SMB for 11.1U5 to 11.1U6?

avalon60

Guru
Thanks, that has brought back the smb shares for my android device.

Actually I copied the line from post #7, and that's why I missed the first part of the command
 

avalon60

Guru
No problem, easy to do I guess.
 

TheBobWiley

Cadet
11.6's dropping of SMB1 also seems to break the "cifsacl" flag I have been using in my fstab mounts for everything connecting to my FreeNAS server. Cifsacl allowed all of the ACLs/ACEs I have added to files/folders to show up correctly on the target machines without any configuration. Also made local uids and gids map to FreeNAS created uids and gids properly. Now I am using the uid=,gid=,file_mode=, and dir_mode= flags in my fstab mounts just to get proper read/write access, but none of my ACLs work, which allows target machines to now have greater access to some files/folders than they should. Took me a while to realize the problem was the U6 update causing issues since I had not rebooted any of my machines with active mounts to see them fail to re-connect.
 

glipman

Dabbler
Instead of running a command on the FreeNAS server you may also edit the properties of the SMB service through the GUI and set the Auxiliary parameters to min protocol = NT1. That allowed my old KODI installation to connect to FreeNAS again.
 

gar

Dabbler
> Instead of running a command on the FreeNAS server you may also edit the properties of the SMB service through the GUI and set the Auxiliary parameters to min protocol = NT1. That allowed my old KODI installation to connect to FreeNAS again.

Ding Ding Ding. That fixed it for me.
 

userseven

Dabbler
IMHO this should/could be covered in a more elegant way from the advanced settings on the samba service: some check-boxes for the quick and painless setup of the min/max samba level.
 

Chris Moore

Hall of Famer
> IMHO this should/could be covered in a more elegant way from the advanced settings on the samba service: some check-boxes for the quick and painless setup of the min/max samba level.

The entire industry is trying to get everyone off of the old protocol because it is inherently insecure. The devices you have that are still using it, and can't be upgraded, need to go in the rubbish bin of history. If you choose to continue to use something that is antiquated, you should expect to have some difficulty making it work.
 

rumbeard

Dabbler
Here's the issue I face. I had U5 working with min protocol SMB2, NTLM1 auth not enabled and my HP ColorLaserjet Pro MFP M277dw scans to the network location just fine. I even downgraded the OS to test. On U6 I have to enable NTLMv1 and also Min protocol NT1. Not sure why. The debug is doing SMB 2.002 and NTLM 0.12 in its test attempt. There's a thread on Illumos support about max rw for SMB 2, but a little fiddling there didn't help. I think it would be nice to know more of what changed besides simple protocol disable. My printer is supposed to know how to do SMB 2.
 

anodos

Sambassador
iXsystems
> Here's the issue I face. I had U5 working with min protocol SMB2, NTLM1 auth not enabled and my HP ColorLaserjet Pro MFP M277dw scans to the network location just fine. I even downgraded the OS to test. On U6 I have to enable NTLMv1 and also Min protocol NT1. Not sure why. The debug is doing SMB 2.002 and NTLM 0.12 in its test attempt. There's a thread on Illumos support about max rw for SMB 2, but a little fiddling there didn't help. I think it would be nice to know more of what changed besides simple protocol disable. My printer is supposed to know how to do SMB 2.

ntlm auth was patched to fix this issue: https://www.samba.org/samba/security/CVE-2018-1139.html

Additionally, it is the responsibility of the client to send the
strongest authentication hash possible. The server-side restrictions
primarily aid in ensuring consistent client policy.

Because by default clients using SMB2 or SMB1 when SPNEGO or NTLMSSP
is in use will choose a more recent authentication dialect (at least
so-called NTLM2 session security, and typically NTLMv2), this
oversight impacts only extreme mis-configurations

It's possible that there's a problem with the patch for ntlm auth, or it's possible that HP has "extremely misconfigured" the SMB client in its printers. Grab a pcap of the printer authenticating to the FreeNAS server and PM it to me (or create a redmine ticket for it).
 

PhilipS

Contributor
FYI to anyone running Server 2008 (not R2) or Vista or maybe some copiers/devices that support SMB2, but are not working with U6. The change to min protocol SMB2 also disables SMB2.002. The default for SMB2 in samba is SMB2_10. To get these older machines to work, it is probably better to set the min protocol to SMB2_02 rather than going back to NT1.

I wonder if the developers intended to jump to 2.10?
 

anodos

Sambassador
iXsystems
> FYI to anyone running Server 2008 (not R2) or Vista or maybe some copiers/devices that support SMB2, but are not working with U6. The change to min protocol SMB2 also disables SMB2.002. The default for SMB2 in samba is SMB2_10. To get these older machines to work, it is probably better to set the min protocol to SMB2_02 rather than going back to NT1.
>
> I wonder if the developers intended to jump to 2.10?

I believe that was an oversight. It has been dropped down to 2.02 in this commit: https://github.com/freenas/freenas/commit/f97d5e48e6161699598fabe0e470932b1959e0f4

So U7 / FreeNAS 11.2 will be fixed for Server 2008.
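
Added example, not part of the thread and not FreeNAS or Samba code: a small Python check of the `[global]` settings discussed above (`min protocol` and `ntlm auth`). It flags a minimum dialect that re-enables SMB1, the bare `SMB2` value that excludes SMB 2.002 clients, and NTLMv1 being permitted. The function names and the sample configuration are constructed for illustration.

```python
import re

# Samba dialect names, weakest to strongest (from smb.conf(5)).
ORDER = ["CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1", "SMB2_02", "SMB2_10",
         "SMB2_22", "SMB2_24", "SMB3_00", "SMB3_02", "SMB3_10", "SMB3_11"]
# Bare "SMB2" selects SMB2_10 (as noted in the thread); "SMB3" selects SMB3_11
# in current Samba.
ALIASES = {"SMB2": "SMB2_10", "SMB3": "SMB3_11"}

def parse_global(text):
    """Return [global] parameters; names lowercased, internal whitespace removed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            name = re.sub(r"\s+", "", name).lower()
            # "min protocol" is a synonym of "server min protocol"; last one wins.
            params["serverminprotocol" if name == "minprotocol" else name] = value.strip()
    return params

def audit(text):
    """Return findings for the minimum dialect and NTLMv1 settings."""
    p, findings = parse_global(text), []
    raw = p.get("serverminprotocol")
    if raw is not None:
        dialect = ALIASES.get(raw.upper(), raw.upper())
        if dialect not in ORDER:
            findings.append(f"unknown min protocol {raw!r}")
        elif ORDER.index(dialect) < ORDER.index("SMB2_02"):
            findings.append(f"min protocol {raw} allows SMB1 clients")
        elif raw.upper() == "SMB2":
            findings.append("min protocol SMB2 means SMB2_10, which rejects SMB 2.002 clients")
    if p.get("ntlmauth", "").lower() in ("yes", "true", "1", "ntlmv1-permitted"):
        findings.append("ntlm auth permits NTLMv1")
    return findings

# Constructed sample configuration, not taken from the thread.
SAMPLE = "[global]\n  Min Protocol = NT1\n  ntlm auth = yes\n[media]\n  path = /mnt/tank/media\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Passing it the output of `testparm -s` instead of the sample checks the configuration Samba actually loads.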
 

ajschot

Patron
Maybe this does not have to be here.... but does anybody also have stability issues?
I use mainly macOS and I found that with copying big files (1Gb or more) the connection gets lost, it is really annoying, I never had this issue on 11.1-u5 and before...
 

anodos

Sambassador
iXsystems
> Maybe this does not have to be here.... but does anybody also have stability issues?
> I use mainly macOS and I found that with copying big files (1Gb or more) the connection gets lost, it is really annoying, I never had this issue on 11.1-u5 and before...

Try setting the following sysctl: sysctl net.inet.tcp.reass.maxqueuelen=1437. This is related to a security fix in upstream FreeBSD that made it into 11.1-U6.
 

bald

Cadet
This works on my NAS and Dune HD TV-301.
 

Attachment: Безымянный рисунок.png

Constantin

Vampire Pig
I suggest dropping SMB1 from your FreeNAS since it dumbs down security. Why intentionally make the server more vulnerable to hacking instead of less?

I run my Sonos content off a 'burner' USB-powered 2.5" HDD on an Apple Airport. Works beautifully and ensures that Sonos can't create a security risk for my content. Sonos has a long history of deprecating support for the first adopters, i.e. folk with NAS (by not adopting SMB2+ even though the developers at MS offered to do it for them), just as they dropped support for the CR100 controller by intentionally bricking them with a software "update". My pi-holes also blackhole Sonos' apparent attempts to capture metrics off my system even though my metrics are supposed to be turned off.

I keep the master copy of my music content on the FreeNAS, a copy goes to the Airport-attached HDD. Easy enough using any one of the many rsync programs out there.
 

ajschot

Patron
> I suggest dropping SMB1 from your FreeNAS since it dumbs down security. Why intentionally make the server more vulnerable to hacking instead of less?
>
> I run my Sonos content off a 'burner' USB-powered 2.5" HDD on an Apple Airport. Works beautifully and ensures that Sonos can't create a security risk for my content. Sonos has a long history of deprecating support for the first adopters, i.e. folk with NAS (by not adopting SMB2+ even though the developers at MS offered to do it for them), just as they dropped support for the CR100 controller by intentionally bricking them with a software "update". My pi-holes also blackhole Sonos' apparent attempts to capture metrics off my system even though my metrics are supposed to be turned off.
>
> I keep the master copy of my music content on the FreeNAS, a copy goes to the Airport-attached HDD. Easy enough using any one of the many rsync programs out there.

I only use SMB3, to mention I made a bug report but it took forever to make a debug log and eventually it never came finished, in the end I got a message that it should be solved in last week's update.... but no.... problem is still there... I think I have to do a fresh install but it is so much work and... the problem is probably going to come back again when loading the config file in....
 

Constantin

Vampire Pig
Hi ajschot, my message wasn't in response to yours. :) Rather, it was a reaction to anyone contemplating turning on SMB1 and/or NTLM v1 just to make their NAS compatible with Sonos gear or any other outdated gear. My message is simple: don't do it because it can impact NAS security via unpatched (and likely to remain unpatched) security issues.

I have had no issues with SMB Time Machine transfers thus far (which is the only one using SMB at the moment here). Later this year I plan to put much of my AFP infrastructure to rest since most machines will transition to High Sierra and up. I may keep AFP alive for the legacy 68K/PowerPC machines here. :)
 