failing to mount on linux with CIFS (SMB) minimal version x.0

Joined
Apr 7, 2019
Messages
6
Thanks
0
#1
we've encountered this problem when setting server minimal SMB version to 2.0 or 3.0 :
the mount will fail when specifying the exact version as the minimal.

i.e. it seems the server checks client_version > min_server_version instead of client_version >= min_server_version

example config + failure :

SmbServiceConfig.png
MountMinimumProtocolSmb2.png

it seems this post indicates a similar problem with 3.0 :https://www.ixsystems.com/community...enas-cifs-smb-share-to-bhyve-ubuntu-vm.58794/
 

KrisBee

FreeNAS Guru
Joined
Mar 20, 2017
Messages
770
Thanks
242
#2
Which version of FreeNAS are you using? That looks like 9.10. Which distro/version of Linux is in use?

In both FN 11.1-U7 and FN11.2-U3, the min server protocol defaults to vers=2.0 which is SMB2_02 and an up to date linux client cifs mount should auto-negotiate the highest version, unless you specify it as mount parameter.

You could check the output of testparm -s on your FreeNAS server to actual protocol values. Also the output of smbstatus for the running version of Samba and any connection info.

What reason do you have for restricting Samba connections to vers=2.0?
 
Joined
Apr 7, 2019
Messages
6
Thanks
0
#4
Which version of FreeNAS are you using? That looks like 9.10. Which distro/version of Linux is in use?
I am using FreeNAS-11.0-U2 (e417d8aa5) .
client details :
kernel features :
CONFIG_CIFS=m
CONFIG_CIFS_ACL=y
CONFIG_CIFS_DEBUG=y
CONFIG_CIFS_DFS_UPCALL=y
CONFIG_CIFS_FSCACHE=y
CONFIG_CIFS_POSIX=y
CONFIG_CIFS_SMB2=y // Enables SMB2.0/SMB3.0/SMB3.0.2
CONFIG_CIFS_UPCALL=y
CONFIG_CIFS_WEAK_PW_HASH=y
CONFIG_CIFS_XATTR=y

In both FN 11.1-U7 and FN11.2-U3, the min server protocol defaults to vers=2.0 which is SMB2_02 and an up to date linux client cifs mount should auto-negotiate the highest version, unless you specify it as mount parameter.
I do set the version as mount parameter. I am setting it to ensure we fail to connect to 1.0 server.

You could check the output of testparm -s on your FreeNAS server to actual protocol values. Also the output of smbstatus for the running version of Samba and any connection info.

What reason do you have for restricting Samba connections to vers=2.0?
I allow both 3.0 and 2.0, I start by trying 3.0 and if it fails fallback to 2.0. as I said, I implemented this poor auto negotiation because I wanted to avoid connecting to 1.0
 
Last edited:

KrisBee

FreeNAS Guru
Joined
Mar 20, 2017
Messages
770
Thanks
242
#8
why is the GUI showing them as separate options then ? in the drop box I can see both SMB2 (2.0 ?) and SMB2_10
@anodos is referring to latest FN11 .
@yoavmorag Your first post screen grab showed you had set both min & max to SMB=2. If all you want to do is to avoid SMB=1 in the version of FreeNAS you are using, why not use the drop-down list to set min to "SMB=2_02" or "SMB=2"_10" and set max to "SMB=3_11"?
 
Joined
Apr 7, 2019
Messages
6
Thanks
0
#9
@anodos is referring to latest FN11 .
@yoavmorag Your first post screen grab showed you had set both min & max to SMB=2. If all you want to do is to avoid SMB=1 in the version of FreeNAS you are using, why not use the drop-down list to set min to "SMB=2_02" or "SMB=2"_10" and set max to "SMB=3_11"?
The thing is, I generally have control only on the client side. The screenshot is from a qa lab I own, but in the general case the user owns the server.

I declare my client supports 3.0 and 2.0, but if the end user has freenas and configures minimal ver. 2.0, my mount will fail, despite specifying 2.0 as well.
 

anodos

Belly-button Lint Extraordinaire
iXsystems
Joined
Mar 6, 2014
Messages
5,167
Thanks
1,368
#10
The thing is, I generally have control only on the client side. The screenshot is from a qa lab I own, but in the general case the user owns the server.

I declare my client supports 3.0 and 2.0, but if the end user has freenas and configures minimal ver. 2.0, my mount will fail, despite specifying 2.0 as well.
You're not specifying minimum version 2.0 on the FreeNAS, you're specifying SMB2, which is SMB2_10. This is documented here: https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#SERVERMAXPROTOCOL
 
Joined
Apr 7, 2019
Messages
6
Thanks
0
#11
To be more specific, this has been replaced with an "enable SMB1 checkbox". If it's checked, then SMB1 is allowed and server min protocol is set to NT1, if it's unchecked, then server min protocol is set to SMB2_02.
Thanks, this is helpful.
It might make sense to remove the smb2 option too if it still exists, I understand it's kind of like smb2-default but it seems confusing, at least to me...
 
Top