Kodi and SMBv1

sam_nazarko · 4 July 2017 16:09

Thanks.

So can you confirm what ~/.smb/smb.conf should look like so we can make this change to OSMC?

Cheers,

Sam

bedub1 · 4 July 2017 16:26

Mine looks like this:

But what if somebody wants to use SMB1?

I changed this:
client min protocol = SMB2
to this:
client min protocol = SMB1

And it no longer worked.

sam_nazarko · 4 July 2017 16:47

It’s probably best to change it to that; as SMBv1 is quite rare now.
Legacy devices can still be accessed via fstab

bedub1 · 4 July 2017 17:08

Okay I did a bunch of testing.

If I leave SMB 1, 2, and 3 all enabled on my server.
If I set my smb.conf file to this:

[quote][global]
preferred master = no
local master = no
domain master = no
client lanman auth = yes
lanman auth = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=6$
lock directory = /home/osmc/.smb/
client use spnego = no
client ntlmv2 auth = no
name resolve order = bcast host
client max protocol = SMB3
[/quote]
(I only added client max protocol = SMB3, left everything else alone)

Then Kodi will use SMB v3.

Without the client max protocol, kodi uses SMB1.
Without the client max protocol, AND with ntlmv2 auth set to yes, SMB1 doesn’t work. Endless password prompts.

So again, the most widely compatible bet is to just add:

The safest/most secure bet would be to add these 3:

[quote] client ntlmv2 auth = yes
client min protocol = SMB2
client max protocol = SMB3[/quote]
(You don’t add client ntlmv2 auth = yes, you change the no to yes)

fzinken · 5 July 2017 02:51

I can confirm that below config works against samba 4.5.10 server. But it also work if we comment out the “client max protocol = SMB3” I am not sure what advantages it has to limit the max protocol.

[global]
preferred master = no
local master = no
domain master = no
client lanman auth = yes
lanman auth = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
lock directory = /home/osmc/.smb/
client use spnego = no
client use spnego principal = no
client ntlmv2 auth = yes
name resolve order = bcast host
client min protocol = SMB2
client max protocol = SMB3

fzinken · 5 July 2017 02:54

Did you try

client ntlmv2 auth = yes
name resolve order = bcast host
client min protocol = SMB2

without “client max protocol = SMB3”

nAFutro · 6 July 2017 12:18

‘client max protocol = default’ used to be ‘NT1’ in many Samba versions.
In Samba 4.3.0 they changed it to ‘SMB3_11’ but we are not on that version yet. By setting the value we are kind of enabling it with our version.

I’m sure that your server negotiatied down to SMB1. Unless ‘server min protocol = SMB2’ is set on your server this still happens.

I’m with bedub1
the most widely compatible bet is to just add:
client max protocol = SMB3
(doesn’t break browsing)

The safest/most secure bet would be to add these 3:
client ntlmv2 auth = yes client min protocol = SMB2 client max protocol = SMB3
(breaks browsing)

name resolve order = bcast ... just tested it, doesn’t bring back browsing when SMB1 is disabled.

sam_nazarko · 30 July 2017 15:16

I have now made these changes default in Kodi, so hopefully there’s no need for any further tinkering.

Thank you @nAFutro @fzinken @bedub1 @Tom_Doyle. This will help a lot of users

Sam