SMB network exploring windows to linux any fix?

Discussion in 'Other Operating Systems' started by Revenger, Oct 18, 2018.

  1. Revenger

    Revenger Member

    Joined:
    Aug 7, 2002
    Messages:
    3,762
    Location:
    Armadale / Perth
    As some may know the latest windows version removes SMB1 networking due to a exploit.

    https://support.microsoft.com/en-au/help/4034314/smbv1-is-not-installed-by-default-in-windows

    This effectively breaks all network exploring and access of linux pc's in my own testing.

    Windows network systems also get broken but that has a workaround to use WS-Discovery one can manually enable, (Microsoft has stated network exploring is now being depreciated in the article above (I think that will be backflipped with backlash)) but for linux that WS-Discovery protocol isn't fully implemented yet, NAS boxes like Synology have the protocol one can enable to get them back able to be explored and accessed.

    For linux however the systems won't show up on windows without the SMB1 client enabled and you still cant even access them via direct \\servername mapping no matter the setting.

    When you check the SMB version in admin command linux systems show as as SMB 1.5 even if you have SMB 3 installed like Centos etc.

    I run a Centos 6.9 server and a test of Centos 7 (yet to test SMB but I will presume the same)
    I have tested this on multiple PC's here at home and my server I cannot access unless I re-enable SMB1 in windows.

    My kinda current workaround is to log into my NAS gui and transfer from my server to the PC with both mapped in the NAS my HTPC and Server for example, or like my main system I have SMB1 enabled still same as my 2 in 1 as I frequently access my server.

    Does anyone know how this can be properly fixed without having SMB1 enabled or is the system just royally screwed up at the moment thanks to microsoft completely breaking SMB and network discovery to windows because of the security change.
     
  2. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,195
    Location:
    Canberra
    You realise the SMB1 is vulnerable right? period. There is no fix.

    More to the point the Samba team have had the source for almost a decade at this point.
     
  3. OP
    OP
    Revenger

    Revenger Member

    Joined:
    Aug 7, 2002
    Messages:
    3,762
    Location:
    Armadale / Perth
    Of course I realise smb1 is vulnerable, one reasoni made this thread.

    As the change to disable it means I can no longer access any Linux systems from Windows.
    As Linux systems are no longer found at all for file sharing.

    Something I want to work out without enabling smb1 which currently I am forced to do to access my servers download folders etc.
     
  4. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,195
    Location:
    Canberra
    My Ubuntu Artful box works just fine... (samba 4.6.7)
     
  5. waltermitty

    waltermitty Member

    Joined:
    Feb 19, 2016
    Messages:
    743
    Location:
    BRISBANE
    Can you not just install Samba v4?
     
  6. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    6,163
    Location:
    Briz Vegas
    NFS... #MICDROP
     
  7. miicah

    miicah Member

    Joined:
    Jun 3, 2010
    Messages:
    5,558
    Location:
    Brisbane, QLD
    Update smb?
     
  8. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,195
    Location:
    Canberra
    NFS sucks donkey nuts on Windows.
    NFS4 generally sucks donkey nuts for performance.

    Although its my favourite protocol for VMWare tho. #fiteme
     
  9. OP
    OP
    Revenger

    Revenger Member

    Joined:
    Aug 7, 2002
    Messages:
    3,762
    Location:
    Armadale / Perth
    Tested Samba 4 on my Centos 7 VM and thats working via manual \\hostname path mapping.
    The system doesn't show up automatically in network though, but as microsoft mentioned that is being depreciated.

    It appears Samba 3.6 still somehow relies on SMB1 within Windows.

    Can't exactly upgrade Centos 6.9 to Samba 4 without it erroring that its not compatible.
    May look later at it plus 6.9 is now entering EOL so I need to fresh install Centos 7 which I am not looking forward to with all the manual configs etc I've done.
     
  10. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,195
    Location:
    Canberra
  11. OP
    OP
    Revenger

    Revenger Member

    Joined:
    Aug 7, 2002
    Messages:
    3,762
    Location:
    Armadale / Perth
    I couldn't install samba 4 as I had 3.6 installed.
    What I just did was backup the samba config in webmin.
    Uninstall samba 3.6 the main and common packages using yum remove.
    The I installed samba4
    restored the backed up webmin samba config,
    Changed from Share to User permissions and added the map to guest parameter.

    I am back up now on samba 4 and working without SMB1 on my test / spare laptop.
    So I'll remove the remaining smb 1 clients from all the systems now.

    Too bad it can't be auto discovered in the network folder but at least I worked out how I can access my shares now.
    I'll need to pin it to quick access on the computers I use.

    So if anyone comes across this you need SMB 4 (samba 4) for Windows 10 with the SMB1 change anything lower and you cannot access the shares.
     
    Last edited: Oct 19, 2018
    BAK likes this.
  12. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,195
    Location:
    Canberra
     
  13. frenchfries

    frenchfries Member

    Joined:
    Apr 5, 2013
    Messages:
    88
    THIS. I used to use webmin when I was starting out with linux but it's probably a good idea to learn the CLI, particularly given how easy samba's config files are.

    If it seems daunting, try the Linux FOundation's intro to linux. I had a look the other day and there were a few things I didn't know of. https://courses.edx.org/courses/course-v1:LinuxFoundationX+LFS101x+3T2018/course/
     
  14. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    33,804
    Location:
    Brisbane
    For what it's worth (and you've discovered this on your own, too), CentOS is a "slow and steady" enterprise focused OS. It has not, and does not keep up with modern trends, but opts for long term (and I mean LOOOONG term) stability (read: no change). Its target market is frequently companies coming from UNIX and even Mainframe setups who require either a cheaper or a more modern OS, but still like things to maintain a level of consistency for a decade at a time.

    CentOS6 was released in 2011, a whopping 7+ years ago. Things have moved on considerably in that time. The two components you're concerned with - Samba libraries and the kernel's CIFS/SMB libraries for client-side mounting shares, are positively ancient in that release. (And yet it will continue to be supported until at least 2020).

    If you still require the stability of a server-oriented operating system, but frequently find yourself interacting with more modern systems, I'd suggest Ubuntu LTS ("LTS" = 'Long Term Support"). These are special releases within the Ubuntu ecosystem and release schedule supported for 5 years (not the 11+ of CentOS), and are released every 2 years (meaning you can jump every second one if you have no need to upgrade). The more frequent releases means you benefit from newer technologies, but the 5 year support means you aren't facing constant upgrades.

    Horses for courses. Linux is incredibly diverse, and that's its strength. No one distro suits everyone's needs, and while I emphatically tell people *NOT* to distro-hop to solve their problems, sometimes a well researched, cautiously considered move to another distro is actually what's required.

    Alternatively, as you've discovered, you can on occasion replace just the component you need (upgrading Samba3.X to Samba4.X), and get on with life. However you might find you're cobbling more and more non-default bits of stuff into your distro, which over time becomes unwieldy and sometimes even dangerous if you can't security patch things easily. So again, take all of that into careful consideration.
     
    Last edited: Oct 25, 2018
  15. Quadbox

    Quadbox Member

    Joined:
    Jun 27, 2001
    Messages:
    6,033
    Location:
    Brisbane
    It's particularly annoying when the components they're using are deprecated upstream... I'm awaiting with popcorn the fun that's about to happen now gcc 4.9 and 5 are both EOL when so many distros are still using them
     
    elvis likes this.

Share This Page