failing to mount on linux with CIFS (SMB) minimal version x.0

yoavmorag

Cadet
Joined
Apr 7, 2019
Messages
6
we've encountered this problem when setting server minimal SMB version to 2.0 or 3.0 :
the mount will fail when specifying the exact version as the minimal.

i.e. it seems the server checks client_version > min_server_version instead of client_version >= min_server_version

example config + failure :

SmbServiceConfig.png
MountMinimumProtocolSmb2.png

it seems this post indicates a similar problem with 3.0 :https://www.ixsystems.com/community...enas-cifs-smb-share-to-bhyve-ubuntu-vm.58794/
 

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288
Which version of FreeNAS are you using? That looks like 9.10. Which distro/version of Linux is in use?

In both FN 11.1-U7 and FN11.2-U3, the min server protocol defaults to vers=2.0 which is SMB2_02 and an up to date linux client cifs mount should auto-negotiate the highest version, unless you specify it as mount parameter.

You could check the output of testparm -s on your FreeNAS server to actual protocol values. Also the output of smbstatus for the running version of Samba and any connection info.

What reason do you have for restricting Samba connections to vers=2.0?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
SMB2 = SMB2.10 It does not matter whether it is minimum protocol or maximum protocol. Likewise SMB3 = highest support SMB3 subprotocol. This is samba behavior and will not change.
 

yoavmorag

Cadet
Joined
Apr 7, 2019
Messages
6
Which version of FreeNAS are you using? That looks like 9.10. Which distro/version of Linux is in use?

I am using FreeNAS-11.0-U2 (e417d8aa5) .
client details :
kernel features :
CONFIG_CIFS=m
CONFIG_CIFS_ACL=y
CONFIG_CIFS_DEBUG=y
CONFIG_CIFS_DFS_UPCALL=y
CONFIG_CIFS_FSCACHE=y
CONFIG_CIFS_POSIX=y
CONFIG_CIFS_SMB2=y // Enables SMB2.0/SMB3.0/SMB3.0.2
CONFIG_CIFS_UPCALL=y
CONFIG_CIFS_WEAK_PW_HASH=y
CONFIG_CIFS_XATTR=y

In both FN 11.1-U7 and FN11.2-U3, the min server protocol defaults to vers=2.0 which is SMB2_02 and an up to date linux client cifs mount should auto-negotiate the highest version, unless you specify it as mount parameter.

I do set the version as mount parameter. I am setting it to ensure we fail to connect to 1.0 server.

You could check the output of testparm -s on your FreeNAS server to actual protocol values. Also the output of smbstatus for the running version of Samba and any connection info.

What reason do you have for restricting Samba connections to vers=2.0?
I allow both 3.0 and 2.0, I start by trying 3.0 and if it fails fallback to 2.0. as I said, I implemented this poor auto negotiation because I wanted to avoid connecting to 1.0
 
Last edited:

yoavmorag

Cadet
Joined
Apr 7, 2019
Messages
6
SMB2 = SMB2.10 It does not matter whether it is minimum protocol or maximum protocol. Likewise SMB3 = highest support SMB3 subprotocol. This is samba behavior and will not change.

why is the GUI showing them as separate options then ? in the drop box I can see both SMB2 (2.0 ?) and SMB2_10
 

Attachments

  • 2019_04_08_15_55_40_Greenshot.png
    2019_04_08_15_55_40_Greenshot.png
    12.3 KB · Views: 755

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
To be more specific, this has been replaced with an "enable SMB1 checkbox". If it's checked, then SMB1 is allowed and server min protocol is set to NT1, if it's unchecked, then server min protocol is set to SMB2_02.
 

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288
why is the GUI showing them as separate options then ? in the drop box I can see both SMB2 (2.0 ?) and SMB2_10

@anodos is referring to latest FN11 .
@yoavmorag Your first post screen grab showed you had set both min & max to SMB=2. If all you want to do is to avoid SMB=1 in the version of FreeNAS you are using, why not use the drop-down list to set min to "SMB=2_02" or "SMB=2"_10" and set max to "SMB=3_11"?
 

yoavmorag

Cadet
Joined
Apr 7, 2019
Messages
6
@anodos is referring to latest FN11 .
@yoavmorag Your first post screen grab showed you had set both min & max to SMB=2. If all you want to do is to avoid SMB=1 in the version of FreeNAS you are using, why not use the drop-down list to set min to "SMB=2_02" or "SMB=2"_10" and set max to "SMB=3_11"?
The thing is, I generally have control only on the client side. The screenshot is from a qa lab I own, but in the general case the user owns the server.

I declare my client supports 3.0 and 2.0, but if the end user has freenas and configures minimal ver. 2.0, my mount will fail, despite specifying 2.0 as well.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
The thing is, I generally have control only on the client side. The screenshot is from a qa lab I own, but in the general case the user owns the server.

I declare my client supports 3.0 and 2.0, but if the end user has freenas and configures minimal ver. 2.0, my mount will fail, despite specifying 2.0 as well.
You're not specifying minimum version 2.0 on the FreeNAS, you're specifying SMB2, which is SMB2_10. This is documented here: https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#SERVERMAXPROTOCOL
 

yoavmorag

Cadet
Joined
Apr 7, 2019
Messages
6
To be more specific, this has been replaced with an "enable SMB1 checkbox". If it's checked, then SMB1 is allowed and server min protocol is set to NT1, if it's unchecked, then server min protocol is set to SMB2_02.

Thanks, this is helpful.
It might make sense to remove the smb2 option too if it still exists, I understand it's kind of like smb2-default but it seems confusing, at least to me...
 
Top