Ok, I found a fix and I'm writing about it here just in case anybody is experiencing the same. Analyzing the network traffic with Wireshark I found that when a client tries to connect to the samba server, the server starts spamming the network with DNS requests to resolve its own hostname (nausicaa in my case) and this happens even if you refer to the server by IP address or locally by localhost. This spamming triggers the timeout during the samba protocol negotiation at the beginning of the session. I stopped it just adding one line in /etc/hosts: 127.0.0.1 nausicaa Now the access to the network shares are immediate and reliable, and "client ntlmv2 auth = no" and "client use spnego = no" are no longer needed to me. Cheers, Giuseppe. On Fri, Jun 24, 2016 at 4:42 PM, Giuseppe Gorgoglione <gorgogsp@gmail.com> wrote:

I'm just amazed that this kind of thinkering with configuration parameters is even necessary when smbclient is used against localhost for testing purposes. I mean, being the client and the server coming from the same package, they should work each one against the other out-of-the-box, especially since "client ntlmv2 auth = yes" and "client use spnego = yes" are default settings.

Thanks, Giuseppe.

On Fri, Jun 24, 2016 at 4:25 PM, René Krell <renda.krell@gmail.com> wrote:

...

2016-06-24 15:40 GMT+02:00 Giuseppe Gorgoglione <gorgogsp@gmail.com>:

...

I tried to add that to my smb.conf file, but apparently that's not enough: it just made the smbclient error message to change from "protocol negotiation failed: NT_STATUS_IO_TIMEOUT" to "session setup failed "NT_STATUS_INVALID_PARAMETER". Then searching Samba 4.4.2 release notes [1] for the parameter you cited, I found that they introduced two new configuration defaults:

"client ntlmv2 auth = yes" and "client use spnego = yes"

So I reverted those, adding both "client ntlmv2 auth = no" and "client use spnego = no" to my smb.conf. This worked fine but I discovered to my utter surprise (ok, I'm not a Samba expert, and the "client" prefix to those parameters should have made me think better...) that they must be added to the client's smb.conf, not to the server's.

Yes, of course. I forgot to mention. For me, setting "client use spnego = no" in smb.conf at the client side was enough, didn't need the second one. There should be mentioned, that this might bring security issues in environments with newer protocols, no extended security of the protocol is used with this any longer. Maybe some servers do also force extended security.

...

So now I'm able to access my Linux shares from another Linux box, but still not from Windows, which is my main use case.

With the the above, I have access to all possible shares in the local network around here. I found mainly this response Domain=[MY-DOMAIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] For me, there does also work smbclient -m NT1 -U domain_user //server/share So, our shares unfortunately provide just the Samba 1 protocol.

...

Then, since those parameters are specific to the SMB1 protocol, I tried to force both the client and the server to use SMB2 or SMB3 as min protocol, but didn't worked.

Any idea?

Unfortunately not more. This is a topic for Samba gurus. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Ok, I found a fix and I'm writing about it here just in case anybody is experiencing the same. Analyzing the network traffic with Wireshark I found that when a client tries to connect to the samba server, the server starts spamming the network with DNS requests to resolve its own hostname (nausicaa in my case) and this happens even if you refer to the server by IP address or locally by localhost. This spamming triggers the timeout during the samba protocol negotiation at the beginning of the session. I stopped it just adding one line in /etc/hosts: 127.0.0.1 nausicaa Now the access to the network shares are immediate and reliable, and "client ntlmv2 auth = no" and "client use spnego = no" are no longer needed to me. Cheers, Giuseppe. On Fri, Jun 24, 2016 at 4:42 PM, Giuseppe Gorgoglione <gorgogsp@gmail.com> wrote:

I'm just amazed that this kind of thinkering with configuration parameters is even necessary when smbclient is used against localhost for testing purposes. I mean, being the client and the server coming from the same package, they should work each one against the other out-of-the-box, especially since "client ntlmv2 auth = yes" and "client use spnego = yes" are default settings.

Thanks, Giuseppe.

On Fri, Jun 24, 2016 at 4:25 PM, René Krell <renda.krell@gmail.com> wrote:

...

2016-06-24 15:40 GMT+02:00 Giuseppe Gorgoglione <gorgogsp@gmail.com>:

...

I tried to add that to my smb.conf file, but apparently that's not enough: it just made the smbclient error message to change from "protocol negotiation failed: NT_STATUS_IO_TIMEOUT" to "session setup failed "NT_STATUS_INVALID_PARAMETER". Then searching Samba 4.4.2 release notes [1] for the parameter you cited, I found that they introduced two new configuration defaults:

"client ntlmv2 auth = yes" and "client use spnego = yes"

So I reverted those, adding both "client ntlmv2 auth = no" and "client use spnego = no" to my smb.conf. This worked fine but I discovered to my utter surprise (ok, I'm not a Samba expert, and the "client" prefix to those parameters should have made me think better...) that they must be added to the client's smb.conf, not to the server's.

Yes, of course. I forgot to mention. For me, setting "client use spnego = no" in smb.conf at the client side was enough, didn't need the second one. There should be mentioned, that this might bring security issues in environments with newer protocols, no extended security of the protocol is used with this any longer. Maybe some servers do also force extended security.

...

So now I'm able to access my Linux shares from another Linux box, but still not from Windows, which is my main use case.

With the the above, I have access to all possible shares in the local network around here. I found mainly this response Domain=[MY-DOMAIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] For me, there does also work smbclient -m NT1 -U domain_user //server/share So, our shares unfortunately provide just the Samba 1 protocol.

...

Then, since those parameters are specific to the SMB1 protocol, I tried to force both the client and the server to use SMB2 or SMB3 as min protocol, but didn't worked.

Any idea?

Unfortunately not more. This is a topic for Samba gurus. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org