TransWikia.com

Cannot connect to Linux Samba share from Windows 10

Server Fault Asked by pngl on December 11, 2021

I have a Samba server version 4.1.11 running on Ubuntu 14.04. I cannot connect from Windows 10 (but I can from Windows 7).

The server and the clients are not on the same LAN.

The error message given by Windows is that the server is online but not responding. However the Samba logs say otherwise.

I have attached the logs for a failed connection attempt from Windows 10, and those for a successful attempt from Windows 7 (for comparison).

Briefly, unlike the successful attempt, the failed one starts with:

switch message SMBnegprot (pid 2855) conn 0x0

then it requests a number of different protocols before selecting SMB2_FF. Then, after some security negotiations, it switches to protocol SMB 2.???, then SMB3_00, followed by:

Server exit (NT_STATUS_END_OF_FILE).

The successful attempt selects protocol SMB2_10 from the start, but this protocol is not even requested by Windows 10.

Here are the logs :

Failed attempt (from Windows 10)
http://pastebin.com/M0xmBuY3

Successful attempt (from Windows 7)
http://pastebin.com/jF8VzaiA

I’ve added my smb.conf file in a comment (can’t have more than 2 links with <10 reputation)

15 Answers

Before changing all kinds of settings...

I don't have all these fancy settings. In fact I have very few general settings.

My global config:

workgroup = WORKGROUP
security = user
passdb backend = tdbsam
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
ntlm auth = yes

I had a Samba server on CentOS 7 and migrated to CentOS 8 (new install). The Samba shares were also opened on a Windows device. After trying to connect to the same share on the CentOS8 install with the same credentials configured I couldn't login to the share anymore. Still I got the message that my credentials were incorrect.

Key things to do:

  1. Test if you can login to the share through smbclient
  2. Check you have the right SElinux context (samba_share_t) or check by temporarily disabling SElinux (setenforce 0). Use semanage fcontext -a -t samba_share_t /mnt/myshare and restorecon -R /mnt/myshare to ensure that in the future you'll always have the correct SElinux context for that directory. Although the chcon method works it won't get the right result when e.g. relabeling your filesystem.
  3. If you were connected to this share before and you can't login anymore while you supply the correct credentials: remove the mapping and create a new one (go to samba-host and supply your credentials again.

I was fiddling with this last step for so long until I tried on another Windows 10 device and it worked right away.

Answered by th3penguinwhisperer on December 11, 2021

In my case, SMB2 looks like it was negotiated, then the linux Samba server attempted to negotiate SMB3.1.1 because windows 10 said it was supported. Windows 10 then drops the connection. I disabled SMB3 in my Samba server and it worked like a charm.

Under [GLOBAL] in /etc/samba/smb.conf:

        client min protocol = SMB2
        client max protocol = SMB2

Answered by JavaProphet on December 11, 2021

Microsoft removed SMBv1 protocol support by default on Windows 10/2016 and higher. The samba clients seems to try to connect using SMBv1, which therefore fails.

You may be successful with this changes to your /etc/samba/smb.conf:

client min protocol = SMB2
client max protocol = SMB3

in the [GLOBAL] Section.

In my case I also had to put a password on my Samba user(s), but I think that was my specific system problem.

Answered by Vikas Maurya on December 11, 2021

My solution. Move the current smb.conf to smb.conf.orig (start afresh). Create a new smb.conf and add the following:

[global]
   workgroup = workgroup
   server string = %h server (Samba, Ubuntu)
   log file = /var/log/samba/log.%m
   max log size = 1000
   logging = file
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* .
   pam password change = yes
   map to guest = bad user
   lanman auth = no
   ntlm auth = no
   client ntlmv2 auth = yes
   usershare allow guests = no
#
[Share]
   comment = Share Root
   writeable = yes
   browseable = yes
   read only = no
   create mask = 0775
   directory mask = 0775
   valid users = a_user
   path = /
   guest ok = no
#

Answered by Coconutdog on December 11, 2021

I made an account just for this

the smb.conf file has the following

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
;   interfaces = 127.0.0.0/8 eth0

Well my eth was not mapped to eth0. It was enp3s0

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
;   interfaces = 127.0.0.0/8 enp3s0

Changed that int he file , smb restart and Windows could now see it. Also, make sure you enable smb in the ubuntu firewall,

sudo ufw allow samba

Answered by Philip Jay Fry on December 11, 2021

I lost more than 5 hours finding the solution for this issue. Hope this solves your issues as well.

Solution: chcon -R -t samba_/share_t /path_to_your_samba_location

In my case: chcon -R -t samba_/share_t /home/share

Answered by l1den on December 11, 2021

Problem: Windows removed SMB v1 protocol on latest Windows OS, Linux try to connect with v1 protocol and Windows/Linux fails to try protocol 2, 3 etc.

Solution: edit linux (ubuntu) Samba conf file:

sudo nano /etc/samba/smb.conf

on the [GLOBAL] section add:

client min protocol = SMB2

client max protocol = SMB3

then save file and restart samba

in my case I also had to explicit put a password or my Samba user, but I think that was my specific system problem.

Answered by Carlos V. Gonzalez on December 11, 2021

I agree with others related to default setting in Windows 10 as a client. Anyway I got it working WITHOUT any changes on client side with this setting in Global section on samba server (samba-4.7.1-9.el7_5.x86_64 - repo version for CentOs 7):

[global]
    workgroup = <workgroup>
    realm = <realm>
    server string = FileShare server
    netbios name = <nbname>
    interfaces = lo eth0 <...>
    hosts allow = 127. 192.168.0. <...>
    log file = /var/log/samba/log.%m
    max log size = 10240
    security = user
    map to guest = Bad Password
    usershare allow guests = No
    server signing = auto
    passdb backend = tdbsam
    local master = yes

    vfs objects = acl_xattr
    map acl inherit = yes
    store dos attributes = yes

    winbind nss info = template
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = yes

    client use spnego = yes
    client ntlmv2 auth = yes

    encrypt passwords = yes

    local master = No
    hide dot files = No
    allow insecure wide links = yes
    store dos attributes = yes

Answered by Kamil J on December 11, 2021

In Windows 10 Fall Creators Update and Windows Server, version 1709 (RS3), the Server Message Block version 1 (SMBv1) network protocol is no longer installed by default.

Program & Features, add/remove windows features ...turn on CIF/SMB 1.0

Answered by Bozojoe on December 11, 2021

I'm a beginner in Linux. I tried a lot of options. After many hours spent, I found the solution!

(I recommend to make a copy of smb.conf, and after try to make changes) Works 100% on windows 10/7/8/Ubuntu at 07.06.2017 with fresh install of Ubuntu and samba

Another thing I think is important, change path to /home/server-media/Desktop/test or create same path at your server!

To start and stop samba use command

/etc/init.d/smbd stop
/etc/init.d/smbd start

For easy edit use midnight commander. Start in command from root "mc"

Copy all text from the config below. After you try and are sure it is working, you can delete the old one.

[global]

#editat la ora 20:30 in data 07.06.2017

server max protocol = SMB3
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes                                                                                                                   
deadtime = 15
max log size = 51200
max open files = 933761
logging = file
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = nobody
map to guest = Bad User
obey pam restrictions = yes
directory name cache size = 0
kernel change notify = no
panic action = /usr/local/libexec/samba/samba-backtrace
nsupdate command = /usr/local/bin/samba-nsupdate -g
server string = Media Server
# habarnam de ce dar urmatoarele lini au importanta in wingoz
ea support = yes
store dos attributes = yes
lm announce = yes
hostname lookups = yes
# time server nu conteaza dar mi-l trebuie
time server = yes
acl allow execute always = true
dos filemode = yes
multicast dns register = yes
domain logons = no
local master = yes
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
server role = standalone
netbios name = MEDIA SERVER
workgroup = WORKGROUP
# am incercat si cu = share si apar erori la pornirea samba
security = user
pid directory = /home/server-media/Desktop/test
# aici am incercat cu mai multe variante ca si 0775 sau 0700 sau 0600 etc.
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
# asta iara nu mai e important!
dos charset = CP437
unix charset = UTF-8       
log level = 1          





[homes]
comment = Home Directories
path = /home
valid users = %U
read only = no
available = yes
browseable = yes
writable = yes
guest ok = no
public = no
printable = no
locking = no
strict locking = no

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
#din no in yes la read
read only = yes
available = yes
browseable = yes
writable = no
#din no in yes la guest
guest ok = yes
public = no
printable = no
locking = no
strict locking = no

[profiles]
comment = User Profiles
path = /var/lib/samba/profiles
read only = no
available = yes
browseable = yes
writable = yes
guest ok = no
public = no
printable = no
#din 0600
create mode = 0666
#din 0700
directory mask = 0777
locking = no
strict locking = no

[printers]
comment = All Printers
path = /var/spool/samba
browseable = yes
writable = no
#guest am pus yes
guest ok = yes
public = no
printable = yes
locking = no
strict locking = no
#am bagat urm linii
read only = no
create mask = 0775

[pdf-documents]
path = /var/lib/samba/pdf-documents
comment = Converted PDF Documents
admin users = %U
available = yes
browseable = yes
writeable = yes
guest ok = yes
locking = no
strict locking = no

[pdf-printer]
path = /tmp
comment = PDF Printer Service
printable = yes
guest ok = yes
use client driver = yes
printing = bsd
print command = /usr/bin/gadmin-samba-pdf %s %u
lpq command =
lprm command =

[test]
path = /home/server-media/Desktop/test
comment = doar de test
valid users = test
write list = test
admin users = test
directory mask = 0755
create mode = 0777
read only = no
available = yes
browseable = yes
writable = yes
guest ok = no
public = yes
printable = no
locking = no
strict locking = no

Answered by S Codin on December 11, 2021

I have Samba 4.2.10 on CentOS 7.2. None of above answers worked for me but when I disabled jumbo packet on Windows 10, everything started to work with default settings on clean Windows 10 installation, very simple. Hope it will help someone else. :)

Answered by sekrett on December 11, 2021

I think I have a solution that works on Windows 7 - 10 and on Server 2012

In my case commenting out my line "smb ports 139" helped.

I am using FreeBSD 10 with Samba 4.4.5

Here is a copy of my SMB4.conf. I hope it helps someone.

[global]
    netbios name = SERV
    server string = FreeBSD Samba Server
    security = ADS
    workgroup = FFTPJ
    realm = fftpj.local

    log file = /var/log/samba4/%m.log
    log level = 1

    # Default idmap config used for BUILTIN and local windows accounts/groups
    idmap config *:backend = tdb
    idmap config *:range = 2000-9999

    # idmap config for domain FFTPJ
    idmap config DOMAIN:backend = rid
    idmap config DOMAIN:range = 10000-99999

    # Use template settings for login shell and home directory
    winbind nss info = template
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = yes

    client use spnego = yes
    client ntlmv2 auth = yes

    encrypt passwords = yes
    restrict anonymous = 2

    valid users = @"Domain Users

    # **** When smb ports is Set Windows 10 clients cannot connect
    #smb ports = 139

    load printers = No
    disable spoolss = Yes
    local master = No
    hide dot files = No
    wide links = No
    store dos attributes = yes

    vfs objects = acl_xattr
    map acl inherit = yes

[images]
    comment = Images Drive
    path = /images
    read only = No

[backups]
    comment = Backup Drive
    path = /data/backup
    read only = No

Answered by Fitzroy on December 11, 2021

I found that this will work and without needing to edit the Registry or disable the SMB 2/3 services I was able to connect to my raspi 3 that uses Samba-4.2.10-Debian by manually typing in the address as well as typing in the netbios name setup in the raspi's smb.conf file in the file explorer's address bar on Windows 10.

I would click on the network tab but the I could not find my samba share, even though network sharing was enabled and what not, but after typing in //192.168.0.22 (address of my pi) or //SAMBA (the netbios name I setup in smb.conf) I was then able to connect and my samba share.

My Windows 10 at the time still did not connect to SMB 4.x but this seemed to work around this. After that just map the drive and you no longer need to manually enter in the address.

Win 10 version - 10.0.14393 Build 14393 (w/ latest updates)

Hope this helps any one else in the future.

//SAMBA //192.168.0.22

Answered by WretchedGhost on December 11, 2021

I Had the same issue, my Windows 10 workstation could not connect to Sambashare after upgrade of win, errors was error 53, and missing protocols missing wins settings in registry nothing really helped in my case!

What worked for me was:

Open services ( right click on start -> Computer management -> Services and Applications -> and click on services )

Now in services, scroll down to Workstation, is the service running ? If not, you may have same issue as I had.

on my 3 working PC's now all have in the dependencies + Browser Support driver + Network Store Interface Service + SMB 1.x Miniredirector + SMB 2.0 Miniredirector

The way I fixed my issue was:

remove service: sc.exe delete lanmanworkstation

Re-create service: sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi

and then start the service

And my Samba share was accessible even without reboot.

Answered by Ole Conradsen on December 11, 2021

This solved my problem:

Windows 10 will try to negotiate SMB3_11, which Samba4 doesn't yet support
except in the current 4.3 release candidate. I suspect for now disabling
SMB2/3 on the Windows 10 client is your best, if not ideal, option.

Instructions for doing.this can be found
here: https://support.microsoft.com/en-us/kb/2696547

https://lists.samba.org/archive/samba/2015-September/193886.html

Further reading:

Answered by pngl on December 11, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP