[CentOS] Samba issues with Win 10

Wed Jul 4 18:53:54 UTC 2018
me at tdiehl.org <me at tdiehl.org>

On Tue, 3 Jul 2018, mark wrote:

> me at tdiehl.org wrote:
>> On Thu, 28 Jun 2018, mark wrote:
>>> Walter H. wrote:
>>>> On 28.06.2018 16:30, mark wrote:
>>>>> Just ran into a problem: someone with a new laptop, running Win 10,
>>>>>  version 1709, tried to map their home directory (served from a
>>>>> CentOS 6.9
>>>>> box, and it fails, with Windows complaining that it no longer
>>>>> supports SMBv1, and if you go to their site, you can install support
>>>>>  for that manually....
>>>>> The server running samba can *not* be updated to 7 - we have a lot
>>>>> of stuff based off it, and most of our users use it, one way or
>>>>> another, so it's a major thing when we do finally upgrade (or, more
>>>>> likely, replace the server).
>>>>> Has anyone run into this, and if so, any workarounds on the Linux
>>>>> end?
> <snip>
>> You did not say what version of samba you are running but I am going to
>> assume it is not the samba4 rpms that come with c-6.
> The default samba, 3.6.23-51.
>> I would suggest that you remove the currently installed samba rpms and
>> install samba4-4.2.10-12.el6_9.x86_64 and friends.
>> I have several customers still running c-6 with the samba4 rpms using
>> win10 and win server 2016 that work just fine and best of all no smb_1
> The real issue, which you may have missed, is that this is *heavily* used
> by the entire Office. Such an upgrade would require extensive testing
> before we can roll it out. By the time we do that, we may have finally
> ordered a replacement server for the system, and the new one will be C7.

I did not miss it. I seem to remember that you asked for something in SCL.
If you are willing to use SCL then why not use packages supplied in base?

If you are not willing to do the testing then your only choice is NO SECURITY.
SMB_1 is not secure and should not be used. That is why it is no longer
supported in Win 10 or samba 3.x. For once MS is doing the right thing.

> This isn't a cube farm, but 30 or 50 or 60 people being out of capability
> for hours or days is not something we do.

It is not an intrusive change but I agree it should be tested.

Bottom line is it is your system so you get to decide. :-)


Tom			me at tdiehl.org