Macintosh Client cannot connect to new Samba on Leap

I’m at a loss. I recently upgraded my home server from (I think) Leap 11.3 to the newest 15.2. Mostly all went well. I imported my previous Samba settings (config, users, etc.) and most of the computers in my home work fine, including a couple of Windows 10 machines and Macs on macOS 10.12 and up.

But I have a couple of older Macs that cannot be upgraded. One is running 10.7 and the other is on 10.8. The 10.7 machine doesn’t see the Samba server. It can ping the server via IP but its hostname is unknown to that Mac. When trying to connect via SMB, it fails to connect without any error messages.

The 10.8 machine sees the server in the network list. However, it cannot connect either. It just says that there was a problem and to check the name and ip again.

None of the other machines at home have an issue. The server is using the same IP as before. Nothing has been changed on any of the clients.

The only thing I can think is that maybe they need some kind of legacy support.

IDK

Maybe you must enable Version 1 of the samba protocol?

It's disabled by default.

Sauerland is right, Lion only supported 1.0 or 2.0 but for client it defaults to 1.0.

You need to edit /etc/samba/smb.conf and add server min protocol = NT1 under **[Global]**

Then restart smb (**sudo systemctl restart smb && sudo systemctl restart nmb**)

Should any User be advised to enable SMB v1 which among various threats is a favorite target of various ransomware?
IMO even if not system upgradable, there should be some investigation whether upgrading only SMB is possible.
And, if there is no solution to upgrading SMB at all, then the next option should be to consider using a different protocol. SMB offers some browsing features that might not be available with other protocols, but if that isn’t needed, most systems support connecting to network shares in file managers as simple as simply modifying the connection string, replacing the protocol declaration.

TSU

Edit:
It turns out I remembered incorrectly, 10.7 aka Lion did have SMB2 support but as I recall it was pretty finicky since it was in-house and not Samba based.

You could try forcing minlevel SMB2 rather than NT1.

Thank you so much! That got it working.

I’m curious. Is it possible for it to limit the Samba 1 connections to read only? Neither of those old Macs needs write access. One is an iTunes media from home server file share to some AppleTVs. The other is used to back up the data from my home server. I can give them read only users. But that isn’t the same as preventing other users from connecting via Samba 1. Or would I need to try and set up something in a VM or Docker container?

Or, perhaps a better question would be:

Can I limit SMB1 support to only a specific read only share?

Unfortunately no, the negotiation is done on a global level.

However, I was wrong about the level of support (10.7 brought SMB2 support, 10.6 didn’t have it) so maybe you could try SMB2 as opposed to **NT1** and see if it works.
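An added example, not part of the thread and not Samba's own code: a small Python check that reads an smb.conf and reports whether SMB1 dialects can still be negotiated, reflecting the point above that the minimum protocol is decided in the global section. The sample config, the share name and the `SMB2_02` default are assumptions made for the example.

```python
import re

# SMB1-family dialect names accepted by "server min protocol" (NT1 and older).
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
# "min protocol" is a synonym; parameter names ignore case and whitespace.
MIN_PROTO_KEYS = {"serverminprotocol", "minprotocol"}

def audit_min_protocol(conf_text, default="SMB2_02"):
    """Return (effective_min, smb1_allowed, sections_where_setting_is_ignored).

    `default` is an assumption: the value in effect when the global section
    does not set the parameter (SMB1 is off by default, as the thread says).
    """
    text = re.sub(r"\\\r?\n", "", conf_text)      # join backslash-continued lines
    # Assumption: lines before any [section] header count as global.
    section, effective, ignored = "global", default, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":           # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names ignore case
            continue
        name, sep, value = line.partition("=")    # only the first '=' counts
        if not sep or re.sub(r"\s+", "", name).lower() not in MIN_PROTO_KEYS:
            continue
        if section == "global":
            effective = value.strip().upper()     # a later assignment overrides
        else:
            ignored.append(section)               # a share cannot change it
    return effective, effective in SMB1_DIALECTS, ignored

# Constructed sample: SMB1 enabled globally, plus a per-share attempt to raise it.
SAMPLE = """\
[global]
    workgroup = HOME
    ; legacy Macs
    Server Min Protocol = nt1

[itunes]
    path = /srv/media
    read only = yes
    server min protocol = SMB2
"""

if __name__ == "__main__":
    print(audit_min_protocol(SAMPLE))
```

On a live server, `testparm -s` prints the configuration Samba actually loads, which is the authoritative check.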

I was mistaken… The iTunes media server (and ElGato EyeTV DVR) machine is running 10.6.8. Not 10.7 like I thought. I forgot I rolled back the OS to that version. It is much faster and more stable under that OS version. It has a hybrid drive and boots in roughly 15 seconds.

No matter though. You’ve been a big help.

I need to learn Docker anyway.

I’ll try and set up a container to do the read only NT1 shares for the old machines.

Have you considered sharing files via the Apple Filing Protocol (AFP)? Netatalk on Linux can provide support for it ( https://software.opensuse.org/package/netatalk )

There’s a small tutorial here; https://catelin.net/2018/03/10/turn-your-linux-box-into-an-afp-server/

You can skip the compile and other steps and instead just look at the configuration files. I have not used it in ages so I can’t help you directly but as far as I can remember, it was pretty easy and straightforward to set up.

With this you could disable SMB1 on your Samba and use AFP on Apple devices which is not vulnerable to the WannaCry and other SMB1 issues.

Using NFS might be another option perhaps?