[CentOS] EXTERNAL: Samba issues with Win 10 (one last followup)

Thu Jun 28 17:56:34 UTC 2018
Fred Smith <fredex at fcshome.stoneham.ma.us>

On Thu, Jun 28, 2018 at 12:50:06PM -0400, mark wrote:
> Wells, Roger K. wrote:
> > On 06/28/2018 10:35 AM, mark wrote:
> >>
> >> Just ran into a problem: someone with a new laptop, running Win 10,
> >> version 1709, tried to map their home directory (served from a CentOS 6.9
> >> box, and it fails, with Windows complaining that it no longer supports
> >> SMBv1, and if you go to their site, you can install support
> >> for that manually....
> >>
> >> The server running samba can *not* be updated to 7 - we have a lot of
> >> stuff based off it, and most of our users use it, one way or another, so
> >> it's a major thing when we do finally upgrade (or, more likely, replace
> >> the server).
> >>
> >> Has anyone run into this, and if so, any workarounds on the Linux end?
> >>
> > I ran into this  as well.
> > There is a procedure that a W10 administrator can enable SMBv1.
> > I did it and it worked.
> > I believe that I started from this link:
> > https://social.technet.microsoft.com/Forums/windows/en-US/8160d62b-0f5d-48
> > a3-9fe9-5cd319837917/how-te-reenable-smb1-in-windows1o?forum=win10itproge
> > neral HTH
> >
> Yeah. I'm not sure why my original problem statement wasn't clear, and
> I've done some online research since then, but what I was looking for was
> a CentOS 6 solution, where we just modified the C6 samba server, rather
> than have to put a ticket in for each and every user that's stuck with Win
> 10.

Trouble is that smb v1 is horribly insecure. Even Microsoft tells
people not to use it.

> And, since this is an office in a US federal gov't agency (civilian
> sector, so budgets suck), there could be a dozen or two people, and I
> understand we're getting in new laptops & desktops for a number of folks
> with older systems, we're going to see more of this, and it's a big issue,
> since the server that serves samba also does a lot else, and that will
> affect almost everyone.  

I'd think the feds would have figured out that smb v1 is a bad 
protocol to  use and outlawed it.

> That's why a C6 solution would have been far better.
> But I see that the cifs.ko with the C6 kernel doesn
> that's what we'll have to do. (And, since the samba server is now out of
> warranty, it's time to start thinking about a replacement).

At home, while I do  not have win10 talking directly to samba on my
LInux desktop, I also have a Synology Disk Station and have configured
it to use only smb v3, and in the mount command on Linux I specify
smb v3, and it works fine.

'course, that's the samba client, not the server. I haven't really
investigated why I can't directly access win10 from linux and vice-
versa, so it may be a v1 vs v3 issue. However, at work I had no trouble
accessing my home filesystem on linux from win10. haven't, so far,
figured out what the difference is.


    Under no circumstances will I ever purchase anything offered to me as
    the result of an unsolicited e-mail message. Nor will I forward chain
    letters, petitions, mass mailings, or virus warnings to large numbers
    of others. This is my contribution to the survival of the online
 --Roger Ebert, December, 1996
----------------------------- The Boulder Pledge -----------------------------