Description of problem: Since 4.13.2-2 I cannot connect to a NT1 samba share with gio (gvfs) in nautilus or from command line gio mount smb://server . The error in logs is: vfsd[6493]: smb_signing_good: BAD SIG: seq 1 Version-Release number of selected component (if applicable): 4.13.2-2 I guess it is the redhat.patch from the newest version. is there maybe some workaround for the configs?
Could you please provide 'testparm -v -s' output as attachment? Does smbclient work against this SMB1 share? I have old NAS with SMB1 and smbclient works for me with smbclient --option=clientminprotocol=NT1 //host/Backups
Created attachment 1736033 [details] testparm added testparm output. smbclient works to connect. as does mounting with -cifs.
Andreas, could you please look at this?
Hi. Is there any progress or news on this? Connecting to a NT1 samba share from Fedora 33 nautilus still does not work and there seems to be no workaround... samba-client-4.13.4-0.fc33.x86_64
I can confirm this works with `samba-client-2:4.13.0-11.fc33.x86_64` (shipped with the Fedora 33 live ISO) but stops working after upgrading to `samba-client-2:4.13.8-0.fc33.x86_64`.
We need debug output and possibly a network trace to see what is going wrong. $ pkill gvfsd $ GVFS_SMB_DEBUG="10" GVFS_DEBUG="1" /usr/libexec/gvfsd -r Should write out the debug output for you.
Created attachment 1782831 [details] working log
Created attachment 1782832 [details] failing log
I attached the requested debug output. The only thing changed was our domain to "redacted"(.com).
Can you reproduce this with Samba 4.14.x? What is the smb.conf of the server (testparm -s), we need to reproduce this. There is no commit in the smb signing part. It must be something else.
Yes, reproducible with Samba 4.14 on Fedora 34. Something must have changed between the two versions I mentioned earlier. The server is an ancient NetApp NAS. I don't think it has an `smb.conf`. I can successfully mount the share using the kernel module (not GVFS) if I use `-o vers=1.0,sec=ntlm`.
Also, the `smbclient` tool itself works. It is just the GVFS mounting that does not.
The original poster is correct in saying that 4.13.2-2 is exactly the first release the issue appears in. 4.13.2-1 still works. The test was done on a fresh live Fedora 33 using the packages samba-{{client,common}{,-libs},-libs},lib{smb,wb}client from https://kojipkgs.fedoraproject.org/packages/samba/4.13.2/1.fc33/ and ...2.fc33/, respectively. The changelog for 4.13.2-2 states: - rhbz#1892745, rhbz#1900232: smbclient mget crashes (upstream bug 14517) - Merge RHEL 8.4 patches: - FIPS-related enhancements - FreeIPA Global Catalog patches The commits can be seen at https://src.fedoraproject.org/rpms/samba/commits/f33 .
I was able to solve/work around the issue by enabling SMB signing on the NAS according to https://library.netapp.com/ecmdocs/ECMP1401220/html/GUID-084BBC00-EBD4-4899-AD85-9628368D3AF2.html . It should probably be enabled anyway. GVFS mounts work again for me with versions 4.13.2-2 and later.
I was also able to work around this problem by enabling signing on server side because : "Default: server signing = Disabled" https://www.samba.org/samba/docs/3.6/man-html/smb.conf.5.html so I set server signing = auto on the SERVER smb.conf and restarted samba and then it worked :)
That is the right thing to do to allow singing if a client requests it. We require singing for IPC connections 'client ipc singing' options, we don't for smb connection 'client singing'. If it wants to enumerate shares, it will use IPC to do that and singing is required for that case. I think we can close this.