Cannot connect to SMB Shares with Windows 10 LTSC client

TGM

Dabbler
Joined
May 22, 2017
Messages
17
Hello,

I have the following environment:

share - FreeNAS 11.2
client1 - Win 7 PRO
client2 - Win 10 - SW_DVD5_WIN_ENT_LTSC_2019_64-bit_English_MLF_X21-96425

client1 to share - OK
client2 to share - NOK

Code:
testparm -s
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /usr/local/etc/smb4.conf
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_STANDALONE

# Global parameters
[global]
        bind interfaces only = Yes
        deadtime = 15
        disable spoolss = Yes
        dns proxy = No
        dos charset = CP437
        interfaces = 127.0.0.1 192.168.1.10
        kernel change notify = No
        lm announce = Yes
        load printers = No
        local master = No
        logging = file
        map to guest = Bad User
        max log size = 51200
        max open files = 469685
        netbios name = SHARE
        nsupdate command = /usr/local/bin/samba-nsupdate -g
        panic action = /usr/local/libexec/samba/samba-backtrace
        printcap name = /dev/null
        security = USER
        server min protocol = SMB2_02
        server role = standalone server
        server string = share
        time server = Yes
        idmap config *: range = 90000001-100000000
        idmap config * : backend = tdb
        acl allow execute always = Yes
        create mask = 0660
        directory mask = 0770
        directory name cache size = 0
        dos filemode = Yes
        strict locking = No


[public]
        guest ok = Yes
        guest only = Yes
        path = "/mnt/storage/share/public"
        read only = No
        veto files = /.snapshot/.windows/.mac/.zfs/
        vfs objects = shadow_copy2 zfs_space zfsacl streams_xattr
        zfsacl:acesort = dontcare
        nfs4:chown = true
        nfs4:acedup = merge
        nfs4:mode = special
        shadow:snapdirseverywhere = yes
        shadow:format = auto-%Y%m%d.%H%M-2m
        shadow:localtime = yes
        shadow:sort = desc
        shadow:snapdir = .zfs/snapshot


On Windows 7 access, I can browse/read/write/create/modify the public folder and any inside content.
On Windows 10 access, "windows cannot access \\share"

Anybody had this issue before or recently?
Let me know if I can add any relevant information for debugging.
 

TGM

This is a fresh ISO VM, makes no sense.

Permissions look good.

drwxr-xr-x 3 root wheel 4B Mar 22 11:40 share
storage# getfacl share
# file: share
# owner: root
# group: wheel
owner@:rwxp--aARWcCos:-------:allow
group@:r-x---a-R-c--s:-------:allow
everyone@:r-x---a-R-c--s:-------:allow
storage# getfacl share/public
# file: share/public
# owner: nobody
# group: nogroup
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:r-x---a-R-c---:fd-----:allow
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Can you get a pcap of the connection attempt?

tcpdump -i <your interface> -p -s 0 -w /var/log/samba4/w10.pcap host <ip of W10 client> and port 445

Hit Ctrl+C when the connection attempt fails, then generate a debug and PM it to me.
 

TGM

After a few days of testing and debugging, I came up with the following setup:

// standard win10 ltsc setup
// enable file sharing
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes

// gpedit.msc -> Configuration > Administrative Templates > Network > Lanman Workstation -> Enable Insecure guest logons
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters /v AllowInsecureGuestAuth /t REG_DWORD /d 1 /f

// OR //

// WSDD setup (did I miss anything? didn't work for me)
// disable SMB1
sc config mrxsmb10 start= disabled
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters /v SMB1 /t REG_DWORD /d 0 /f

// enable Function Discovery
sc config fdPHost start= auto
sc config FDResPub start= auto

// add network discovery firewall rule
netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes

// on SMB service
enable web service discovery = yes

Sources:
https://www.ixsystems.com/community...s-network-neighbourhood-better-than-ever.106/
https://support.microsoft.com/en-ca/help/4034314/smbv1-is-not-installed-by-default-in-windows
https://redmine.ixsystems.com/versions/912
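
Added example, not part of the thread: the posted testparm -s output shows a guest-only share behind map to guest = Bad User, and the last post turns on AllowInsecureGuestAuth on the Windows 10 client. This Python sketch parses such output and lists the shares that unauthenticated clients reach as guest; the function names and the abridged sample are assumptions made for the example.

```python
import re

# Constructed sample: abridged from the testparm -s output posted in the thread.
SAMPLE = """\
Server role: ROLE_STANDALONE

# Global parameters
[global]
        map to guest = Bad User
        security = USER

[public]
        guest ok = Yes
        guest only = Yes
        path = "/mnt/storage/share/public"
"""

TRUE = {"yes", "true", "1", "on"}  # boolean spellings smb.conf accepts as true

def parse_testparm(text):
    """Return {section: {parameter: value}} parsed from testparm -s output."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
        elif current is not None and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            current["".join(key.lower().split())] = value.strip()
    return sections

def guest_findings(sections):
    """List (share, reason) for shares that unauthenticated clients reach as guest."""
    mapping = sections.get("global", {}).get("maptoguest", "never").lower()
    findings = []
    for name, params in sections.items():
        if name == "global" or params.get("guestok", "no").lower() not in TRUE:
            continue
        if mapping != "never":
            findings.append((name, f"guest session via map to guest = {mapping}"))
        if params.get("guestonly", "no").lower() in TRUE:
            findings.append((name, "all access runs as the guest account"))
    return findings

if __name__ == "__main__":
    for share, reason in guest_findings(parse_testparm(SAMPLE)):
        print(f"[{share}] {reason}")
```

An empty result means no share depends on guest logon, so a client with insecure guest logons left disabled can still connect with a real account.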
 