maaanythanks malcolmlewis, the global section of my /etc/samba/smb.conf is now this:
[global]
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = No
security = domain
client use spnego = no
client ntlmv2 auth = no
client min protocol = NT1
and it wooooorrrrkkkkssssrotfl!
I don’t know but I’ll study what does your adds means but it workslol!
pla@pla4-TW:~> smbclient -m smb2 --user=server -L 192.168.204.86 -d 3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
directory_create_or_exist_strict: invalid ownership on directory /var/lib/samba/lock/msg.lock
cmdline_messaging_context: Unable to initialize messaging context.
Unable to initialize messaging context
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface wlan0 ip=192.168.219.193 bcast=192.168.219.255 netmask=255.255.255.0
Client started (version 4.11.0-git.95.c88b5f2c0c6SUSE-oS15.5-x86_64).
Connecting to 192.168.204.86 at port 445
Enter WORKGROUP\server's password:
Sharename Type Comment
--------- ---- -------
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
J$ Disk Condivisione predefinita
R$ Disk Condivisione predefinita
DROPBOX B 60Gb Disk
MUSICA 2 Disk
_ARCHIVIO _2018 Disk
C$ Disk Condivisione predefinita
K$ Disk Condivisione predefinita
GIOCHI Disk
FILM NUOVI Disk
DROPBOX PROGRAMMI Disk
MUSICA 1 Disk
H$ Disk Condivisione predefinita
P$ Disk Condivisione predefinita
DROPBOX A 400Gb Disk
_ARCHIVIO_2017 Disk
_ARCHIVIO_2016 Disk
I$ Disk Condivisione predefinita
FILM CARTONI Disk
Raccolte Film Disk
CONDIVIDERE FILE IN CARTELLE DROPBOX Disk
F$ Disk Condivisione predefinita
N$ Disk Condivisione predefinita
Riviste Libri Fumetti Disk
SERIE TV 1 Disk
IPC$ IPC IPC remoto
G$ Disk Condivisione predefinita
BIBLIOTECA TECNICA Disk
ADMIN$ Disk Amministrazione remota
PROGRAMMI Disk
SERIE TV 2 Disk
L$ Disk Condivisione predefinita
E$ Disk Condivisione predefinita
ADMIN Disk
Reconnecting with SMB1 for workgroup listing.
Connecting to 192.168.204.86 at port 139
Connecting to 192.168.204.86 at port 139
Server Comment
--------- -------
SERVER-ZFTFZ
Workgroup Master
--------- -------
FUS-COND AFM
SERVERFTF SERVER-ZFTFZ
WORKGROUP HP5B05B3
pla@pla4-TW:~>
Hi
Congratulations I would try without those two other client options so only have the min protocol one. The debug option to the connection eg -d 3 it tells you what the issues are…
@pier_andreit: Good to read of your progress here, however you should check if connectivity to this server really does rely on the SMB1 (NT1 protocol), as it is a significant security risk when enabled, and has been deprecated for good reason.
I don’t know but I’ll study what does your adds means but it workslol!
As you’re connecting with SMB2 parameter, perhaps it is the authentication options that you specified in smb.conf that are allowing authentication to work here. If so, I would try removing the client min protocol = NT1’ and test without it. If you do find that it is required then the administrator’ of that server needs to take steps to upgrade it (and specifically disable SMB1).
manythanks to all for first
when I come back to work I’ll test what happens removing client min protocol = NT1 option, to contact the administrator I will try but I don’t know him and if he knows how to disable SMB1…
I’m at home now and tested my laptop with tumbleweed with my home samba server running on opensuse leap 15.1.
with the three options suggested by malcolmlewis it doesn’t works, where with a leap 15.1 works perfectly:
with dolphin and smbclient the password is asked, I give the correct password but isn’t accepted
pla@pla4-TW:~> smbclient -m smb2 --user=procuste -L 192.168.1.2 -d 3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
directory_create_or_exist_strict: invalid ownership on directory /var/lib/samba/lock/msg.lock
cmdline_messaging_context: Unable to initialize messaging context.
Unable to initialize messaging context
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface wlan0 ip=192.168.1.127 bcast=192.168.1.255 netmask=255.255.255.0
Client started (version 4.11.0-git.95.c88b5f2c0c6SUSE-oS15.5-x86_64).
Connecting to 192.168.1.2 at port 445
got OID=1.3.6.1.4.1.311.2.2.10
Enter WORKGROUP\procuste's password:
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
SPNEGO login failed: The attempted logon is invalid. This is either due to a bad username or authentication information.
session setup failed: NT_STATUS_LOGON_FAILURE
pla@pla4-TW:~>
if I disable the three options it works.
as I suspected from the name of the option “auth”=no
I disable only the option client ntlmv2 auth = no and it works
pla@pla4-TW:~> smbclient -m smb2 --user=procuste -L 192.168.1.2 -d 3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
directory_create_or_exist_strict: invalid ownership on directory /var/lib/samba/lock/msg.lock
cmdline_messaging_context: Unable to initialize messaging context.
Unable to initialize messaging context
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface wlan0 ip=192.168.1.127 bcast=192.168.1.255 netmask=255.255.255.0
Client started (version 4.11.0-git.95.c88b5f2c0c6SUSE-oS15.5-x86_64).
Connecting to 192.168.1.2 at port 445
got OID=1.3.6.1.4.1.311.2.2.10
Enter WORKGROUP\procuste's password:
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
Sharename Type Comment
--------- ---- -------
homes Disk Home Directories
profiles Disk Network Profiles Service
users Disk All users
groups Disk All groups
print$ Disk Printer Drivers
abbaino Disk abbaino del server accessibile da procuste
attico Disk attico del server accessibile da procuste
cantina Disk cantina del server accessibile da procuste
capanno Disk capanno del server accessibile da procuste
casalmare Disk casalmare del server accessibile da procuste
fienile Disk fienile del server accessibile da procuste
garage Disk garage del server accessibile da procuste
mansarda Disk mansarda del server accessibile da procuste
piedaterre Disk piedaterre del server accessibile da procuste
deposito Disk deposito del server accessibile da procuste
IPC$ IPC IPC Service (Samba 4.9.5-git.187.71edee57d5alp151.2.6.1-SUSE-oS15.0-x86_64)
procuste Disk Home Directories
samsung Printer Samsung C43x Series
SMB1 disabled -- no workgroup available
pla@pla4-TW:~>
the password is asked and accepted
on monday I’ll test at work with windows server 192.168.204.86