CRUNCHIE_77
Cadet
- Joined
- Nov 26, 2018
- Messages
- 3
Hi
I having one of those bang-your-head moments. I have just built a new Freenas 11.1 U6 appliance which is connected to Active Directory.
So far all good!
However I am having an issue with SAMBA levels. I require legacy (Windows 2003 / XP devices) to connect to the shares to write data. Setting minimum version to NT1 and Maximum to SMB3 resolves this issue. Until i set this i could not even browse to the shares from legacy machines. Also On these devices I have also set NTLMv2 in security policy as "Send NTLMv2 responses only. Refuse LM & NTLM"
However then the corporate domain connected Windows 8 devices (which have SMBv1 disabled) do not connect.
I have other W12r2 servers that are part of the domain but not centrally controlled (so different GPO) and they cannont connect either, nor can a standalone Windows 10 device.
If I set minimum to SMBv2 the Windows 8 devices etc are OK but then the Legacy devices of course cannot connect.
I need to have the best of both worlds as the Legacy devices will be backing up to it.
I have tried setting the maximum to say SMB2_10 but still no good, the corporate devices are refusing to connect. I would have thought that a client device would start with the highest then work its was down. Odd why the W12r2 boxes are OK.
Note I have no bearing of changing any of the GPO's for the Windows 8 devices are they are centrally controlled. I can change anything else.
I am happy to have say a SAMBA share for legacy and a SAMBA share for SMBv2 upwards if that is possible ( i dont think it is but I know nothing!)
Anyideas? Attached is the SMB4.conf file
I having one of those bang-your-head moments. I have just built a new Freenas 11.1 U6 appliance which is connected to Active Directory.
So far all good!
However I am having an issue with SAMBA levels. I require legacy (Windows 2003 / XP devices) to connect to the shares to write data. Setting minimum version to NT1 and Maximum to SMB3 resolves this issue. Until i set this i could not even browse to the shares from legacy machines. Also On these devices I have also set NTLMv2 in security policy as "Send NTLMv2 responses only. Refuse LM & NTLM"
However then the corporate domain connected Windows 8 devices (which have SMBv1 disabled) do not connect.
I have other W12r2 servers that are part of the domain but not centrally controlled (so different GPO) and they cannont connect either, nor can a standalone Windows 10 device.
If I set minimum to SMBv2 the Windows 8 devices etc are OK but then the Legacy devices of course cannot connect.
I need to have the best of both worlds as the Legacy devices will be backing up to it.
I have tried setting the maximum to say SMB2_10 but still no good, the corporate devices are refusing to connect. I would have thought that a client device would start with the highest then work its was down. Odd why the W12r2 boxes are OK.
Note I have no bearing of changing any of the GPO's for the Windows 8 devices are they are centrally controlled. I can change anything else.
I am happy to have say a SAMBA share for legacy and a SAMBA share for SMBv2 upwards if that is possible ( i dont think it is but I know nothing!)
Anyideas? Attached is the SMB4.conf file