Samba / SMB server not working w/ Win8.1 client (LE v11.0.3)

    Hi, I'm no longer able to connect to the SMB server in LE 11.0.3:

    I'm not sure when the last time it worked was, but it definitely did work in the past. And it appears to be working for a Linux smbclient.

    HW: RPi 4B w/ 4GB RAM

    The client PC is on the same LAN switch, running Win 8.1, and is able to connect via SMB to my TrueNAS and to other PCs.

    NMAP shows the ports are open on LE, and SSH and HTTP both work:

    PORT STATE SERVICE VERSION

    22/tcp open ssh OpenSSH 9.2 (protocol 2.0)

    111/tcp open rpcbind

    139/tcp open netbios-ssn Samba smbd 4.6.2

    445/tcp open netbios-ssn Samba smbd 4.6.2

    8080/tcp open http-proxy?

    What's the best way to completely reset the SMB Server settings? Is loading the defaults in the GUI enough?


    Config parameters:

    server min protocol = SMB3

    server max protocol = SMB3

    (I have tried lowering these already. Also, they worked in the past like this.)

    I did notice there is a file

    /storage/.config/samba.conf.sample

    but no

    /storage/.config/samba.conf

    Is that normal?

    Ditto for /usr/config/samba.conf.sample

    If I try from a Linux (CentOS 7.9) client, it does appear to be working:

    $ smbclient -L 192.168.11.14

    Enter SAMBA\barry's password:

    Sharename Type Comment

    --------- ---- -------

    Update Disk

    Videos Disk

    Music Disk

    TV Shows Disk

    Recordings Disk

    Downloads Disk

    Pictures Disk

    Emulators Disk

    Configfiles Disk

    Userdata Disk

    Screenshots Disk

    Logfiles Disk

    Backup Disk

    Picons Disk

    IPC$ IPC IPC Service (LibreELEC)

    SMB1 disabled -- no workgroup available

    Here's a WireShark capture on the PC; .13 is the PC, .14 the LE Pi:

    I don't know enough about SMB to understand if those errors are critical.

    Thanks!

    The SMB "Client" config in Kodi settings has nothing to do with the Samba "Server" which can be enabled (on/off and the password changed) in the LE settings add-on. The default Samba config can be overriden by renaming samba.conf.sample to samba.conf and editing to include whatever changes you want then reboot to effect the change. If no custom config is present it boots using a default config that supports SMB2 and SMB3 and unless you force different behaviour via registry tweaks Windows clients will connect at SMB v2 and then negotiate up to v3 if the server supports them. The Wireshark trace shows the client device connecting and then trying to negotiate an SMB2 connection which fails with the server issuing a STATUS_NOT_SUPPORTED response. I've no idea why that happens and you proved the server is running and can be browsed from the Linux device.

    I'd suggest testing a current LE12 nightly on an SD card as there are some general Samba changes in the newer image (in addition to newer samba server version).

    Control Panel > Administrative Tools > Local Security Policy > Enable - Microsoft Network Client: send unencrypted password to third party SMB servers. When asked for credentials use "servername\username" format.

    ^ Guessing based on some Google searching. Win8.1 license keys should be eligible for a free Win10 or Win11 upgrade and from a security, usability and compatibility perspective it would be a good move.

    Thank you... here's a screenshot of where that is:

    I guess I'll have to reboot the PC, as it's not working yet...

    I know about the security issues on Win8.1... my motherboard is too old for W11, so I'm debating whether I should bother w/ W10 as it'll be EOL soon enough as well.

    Meanwhile, it's the only PC on the subnet, and the Internet-exposed things (browsers, etc.) are well-secured (e.g. NoScript, AdBlock+), and I have a UTM firewall w/ IPS, etc.

    (compensating controls in ITSEC parlance)

    Unfortunately, that didn't help. Wireshark capture still looks similar:

    Thanks for your help!

    Edited once, last by barry: Merged a post created by barry into this post. (November 4, 2023 at 5:33 AM).

    The devices clearly connect so it's a likely a protocol issue and one of the challenges with old Windows (WinXP/7/8) these days is changes to crypto. Have a play with the other 'client' options in the local security policy list too (and yes, reboot required, it's Windows).