dolphin cannot access to smb://server@192.168.204.86/

Hi
All I did before the samba upgrade to access my local nas was add the following to the host (Tumbleweed) /etc/samba/smb.conf in the global section;

[global]
...
client use spnego = no
client ntlmv2 auth = no

Now with the samba change added in the same section;

client min protocol = NT1

All is good to access as before… smbclient or Nautilus.

maaanythanks malcolmlewis, the global section of my /etc/samba/smb.conf is now this:

[global]
    passdb backend = tdbsam
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    map to guest = Bad User
    logon path = \\%L\profiles\.msprofile
    logon home = \\%L\%U\.9xprofile
    logon drive = P:
    usershare allow guests = No
    security = domain
    client use spnego = no
    client ntlmv2 auth = no
    client min protocol = NT1

and it wooooorrrrkkkkssssrotfl!
I don’t know but I’ll study what does your adds means but it workslol!

pla@pla4-TW:~> smbclient -m smb2 --user=server -L 192.168.204.86 -d 3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
directory_create_or_exist_strict: invalid ownership on directory /var/lib/samba/lock/msg.lock
cmdline_messaging_context: Unable to initialize messaging context.
Unable to initialize messaging context
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface wlan0 ip=192.168.219.193 bcast=192.168.219.255 netmask=255.255.255.0
Client started (version 4.11.0-git.95.c88b5f2c0c6SUSE-oS15.5-x86_64).
Connecting to 192.168.204.86 at port 445
Enter WORKGROUP\server's password: 

        Sharename       Type      Comment
        ---------       ----      -------
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
        J$              Disk      Condivisione predefinita
        R$              Disk      Condivisione predefinita
        DROPBOX B 60Gb  Disk      
        MUSICA 2        Disk      
        _ARCHIVIO _2018 Disk      
        C$              Disk      Condivisione predefinita
        K$              Disk      Condivisione predefinita
        GIOCHI          Disk      
        FILM NUOVI      Disk      
        DROPBOX PROGRAMMI Disk      
        MUSICA 1        Disk      
        H$              Disk      Condivisione predefinita
        P$              Disk      Condivisione predefinita
        DROPBOX A 400Gb Disk      
        _ARCHIVIO_2017  Disk      
        _ARCHIVIO_2016  Disk      
        I$              Disk      Condivisione predefinita
        FILM CARTONI    Disk      
        Raccolte Film   Disk      
        CONDIVIDERE FILE IN CARTELLE DROPBOX Disk      
        F$              Disk      Condivisione predefinita
        N$              Disk      Condivisione predefinita
        Riviste Libri Fumetti Disk      
        SERIE TV 1      Disk      
        IPC$            IPC       IPC remoto
        G$              Disk      Condivisione predefinita
        BIBLIOTECA TECNICA Disk      
        ADMIN$          Disk      Amministrazione remota
        PROGRAMMI       Disk      
        SERIE TV 2      Disk      
        L$              Disk      Condivisione predefinita
        E$              Disk      Condivisione predefinita
        ADMIN           Disk      
Reconnecting with SMB1 for workgroup listing.
Connecting to 192.168.204.86 at port 139
Connecting to 192.168.204.86 at port 139

        Server               Comment
        ---------            -------
        SERVER-ZFTFZ         

        Workgroup            Master
        ---------            -------
        FUS-COND             AFM
        SERVERFTF            SERVER-ZFTFZ
        WORKGROUP            HP5B05B3
pla@pla4-TW:~> 

Hi
Congratulations I would try without those two other client options so only have the min protocol one. The debug option to the connection eg -d 3 it tells you what the issues are…

@pier_andreit: Good to read of your progress here, however you should check if connectivity to this server really does rely on the SMB1 (NT1 protocol), as it is a significant security risk when enabled, and has been deprecated for good reason.

I don’t know but I’ll study what does your adds means but it workslol!

pla@pla4-TW:~> smbclient -m smb2 --user=server -L 192.168.204.86 -d 3

As you’re connecting with SMB2 parameter, perhaps it is the authentication options that you specified in smb.conf that are allowing authentication to work here. If so, I would try removing the client min protocol = NT1’ and test without it. If you do find that it is required then the administrator’ of that server needs to take steps to upgrade it (and specifically disable SMB1).

I don’t know how to check this

manythanks to all for first
when I come back to work I’ll test what happens removing client min protocol = NT1 option, to contact the administrator I will try but I don’t know him and if he knows how to disable SMB1…
I’m at home now and tested my laptop with tumbleweed with my home samba server running on opensuse leap 15.1.
with the three options suggested by malcolmlewis it doesn’t works, where with a leap 15.1 works perfectly:
with dolphin and smbclient the password is asked, I give the correct password but isn’t accepted

pla@pla4-TW:~> smbclient -m smb2 --user=procuste -L 192.168.1.2 -d 3            
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
directory_create_or_exist_strict: invalid ownership on directory /var/lib/samba/lock/msg.lock
cmdline_messaging_context: Unable to initialize messaging context.
Unable to initialize messaging context
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface wlan0 ip=192.168.1.127 bcast=192.168.1.255 netmask=255.255.255.0
Client started (version 4.11.0-git.95.c88b5f2c0c6SUSE-oS15.5-x86_64).
Connecting to 192.168.1.2 at port 445
got OID=1.3.6.1.4.1.311.2.2.10
Enter WORKGROUP\procuste's password: 
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
SPNEGO login failed: The attempted logon is invalid. This is either due to a bad username or authentication information.
session setup failed: NT_STATUS_LOGON_FAILURE
pla@pla4-TW:~> 

if I disable the three options it works.
as I suspected from the name of the option “auth”=no
I disable only the option client ntlmv2 auth = no and it works

pla@pla4-TW:~> smbclient -m smb2 --user=procuste -L 192.168.1.2 -d 3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
directory_create_or_exist_strict: invalid ownership on directory /var/lib/samba/lock/msg.lock
cmdline_messaging_context: Unable to initialize messaging context.
Unable to initialize messaging context
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface wlan0 ip=192.168.1.127 bcast=192.168.1.255 netmask=255.255.255.0
Client started (version 4.11.0-git.95.c88b5f2c0c6SUSE-oS15.5-x86_64).
Connecting to 192.168.1.2 at port 445
got OID=1.3.6.1.4.1.311.2.2.10
Enter WORKGROUP\procuste's password: 
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215

        Sharename       Type      Comment
        ---------       ----      -------
        homes           Disk      Home Directories
        profiles        Disk      Network Profiles Service
        users           Disk      All users
        groups          Disk      All groups
        print$          Disk      Printer Drivers
        abbaino         Disk      abbaino del server accessibile da procuste
        attico          Disk      attico del server accessibile da procuste
        cantina         Disk      cantina del server accessibile da procuste
        capanno         Disk      capanno del server accessibile da procuste
        casalmare       Disk      casalmare del server accessibile da procuste
        fienile         Disk      fienile del server accessibile da procuste
        garage          Disk      garage del server accessibile da procuste
        mansarda        Disk      mansarda del server accessibile da procuste
        piedaterre      Disk      piedaterre del server accessibile da procuste
        deposito        Disk      deposito del server accessibile da procuste
        IPC$            IPC       IPC Service (Samba 4.9.5-git.187.71edee57d5alp151.2.6.1-SUSE-oS15.0-x86_64)
        procuste        Disk      Home Directories
        samsung         Printer   Samsung C43x Series
SMB1 disabled -- no workgroup available
pla@pla4-TW:~> 

the password is asked and accepted
on monday I’ll test at work with windows server 192.168.204.86

tested on 192.168.204.86
with only client min protocol = NT1 it works on 192.168.204.86, I’ll test at home samba server tonight

[global]
....
    #client use spnego = no
    #client ntlmv2 auth = no
    client min protocol = NT1

and with both client use spnego = no and client min protocol = NT1 works on both, home samba server and 192.168.204.86

[global]
....
    client use spnego = no
    #client ntlmv2 auth = no
    client min protocol = NT1

and with both client use spnego = no on 192.168.204.86 it doesn’t works

[global]
....
    client use spnego = no
    #client ntlmv2 auth = no
    #client min protocol = NT1

so it seems the client min protocol = NT1 is mandatory to work on 192.168.204.86

it works also on samba server at home