I'm using smbclient to access a shared Windows file system. I cannot mount it, because I don't have the permissions. How do I mget only the files which are new or have been updated? (Likewise mput). I don't think I can use rsync, because rsync only works if one mounts the Windows FS, which I can't do. I can only access it via smbclient.

I've been trying kioptrix-level-1 exercise at https://www.vulnhub.com/entry/kioptrix-level-1-1,22/ and wondering why smbclient can't identify the Samba version? smbclient version 4.11.5-Debian wolf@linux:~$ smbclient -V Version 4.11.5-Debian wolf@linux:~$ e.g. wolf@linux:~$ smbclient -L 10.10.10.10 Server does not support EXTENDED_SECURITY but 'client use spnego = yes' and 'client ntlmv2 auth = yes' is set Anonymous login successful Enter WORKGROUP\wolf's password: Sharename Type Comment --------- ---- ------- IPC$ IPC IPC Service (Samba Server) ADMIN$ IPC IPC Service (Samba Server) Reconnecting with SMB1 for workgroup listing. Server does not support EXTENDED_SECURITY but 'client use spnego = yes' and 'client ntlmv2 auth = yes' is set Anonymous login successful Server Comment --------- ------- KIOPTRIX Samba Server Workgroup Master --------- ------- MYGROUP KIOPTRIX wolf@linux:~$ enum4linux attempt also didn't reveal the Samba's version number wolf@linux:/etc/samba$ enum4linux 10.10.10.10 Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Thu May 21 00:04:57 2020 ========================== | Target Information | ========================== Target ........... 10.10.10.10 RID Range ........ 500-550,1000-1050 Username ......... '' Password ......... '' Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none ====================================================== | Enumerating Workgroup/Domain on 10.10.10.10 | ====================================================== [+] Got domain/workgroup name: MYGROUP ============================================== | Nbtstat Information for 10.10.10.10 | ============================================== Looking up status of 10.10.10.10 KIOPTRIX - B Workstation Service KIOPTRIX - B Messenger Service KIOPTRIX - B File Server Service ..__MSBROWSE__. - B Master Browser MYGROUP - B Domain/Workgroup Name MYGROUP - B Master Browser MYGROUP - B Browser Service Elections MAC Address = 00-00-00-00-00-00 ======================================= | Session Check on 10.10.10.10 | ======================================= [+] Server 10.10.10.10 allows sessions using username '', password '' ============================================= | Getting domain SID for 10.10.10.10 | ============================================= Domain Name: MYGROUP Domain Sid: (NULL SID) [+] Can't determine if host is part of domain or part of a workgroup ======================================== | OS information on 10.10.10.10 | ======================================== Use of uninitialized value $os_info in concatenation (.) or string at ./enum4linux.pl line 464. [+] Got OS info for 10.10.10.10 from smbclient: [+] Got OS info for 10.10.10.10 from srvinfo: KIOPTRIX Wk Sv PrQ Unx NT SNT Samba Server platform_id : 500 os version : 4.5 server type : 0x9a03 =============================== | Users on 10.10.10.10 | =============================== Use of uninitialized value $users in print at ./enum4linux.pl line 874. Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 877. Use of uninitialized value $users in print at ./enum4linux.pl line 888. Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 890. =========================================== | Share Enumeration on 10.10.10.10 | =========================================== Sharename Type Comment --------- ---- ------- IPC$ IPC IPC Service (Samba Server) ADMIN$ IPC IPC Service (Samba Server) Reconnecting with SMB1 for workgroup listing. Server Comment --------- ------- KIOPTRIX Samba Server Workgroup Master --------- ------- MYGROUP KIOPTRIX [+] Attempting to map shares on 10.10.10.10 //10.10.10.10/IPC$ [E] Can't understand response: NT_STATUS_NETWORK_ACCESS_DENIED listing \* //10.10.10.10/ADMIN$ [E] Can't understand response: tree connect failed: NT_STATUS_WRONG_PASSWORD ====================================================== | Password Policy Information for 10.10.10.10 | ====================================================== [E] Unexpected error from polenum: [+] Attaching to 10.10.10.10 using a NULL share [+] Trying protocol 139/SMB... [!] Protocol failed: SMB SessionError: 0x5 [+] Trying protocol 445/SMB... [!] Protocol failed: [Errno Connection error (10.10.10.10:445)] [Errno 111] Connection refused [+] Retieved partial password policy with rpcclient: Password Complexity: Disabled Minimum Password Length: 0 ================================ | Groups on 10.10.10.10 | ================================ [+] Getting builtin groups: group:[Administrators] rid:[0x220] group:[Users] rid:[0x221] group:[Guests] rid:[0x222] group:[Power Users] rid:[0x223] group:[Account Operators] rid:[0x224] group:[System Operators] rid:[0x225] group:[Print Operators] rid:[0x226] group:[Backup Operators] rid:[0x227] group:[Replicator] rid:[0x228] [+] Getting builtin group memberships: Group 'Users' (RID: 545) has member: Couldn't find group Users Group 'Guests' (RID: 546) has member: Couldn't find group Guests Group 'Replicator' (RID: 552) has member: Couldn't find group Replicator Group 'Account Operators' (RID: 548) has member: Couldn't find group Account Operators Group 'Print Operators' (RID: 550) has member: Couldn't find group Print Operators Group 'Power Users' (RID: 547) has member: Couldn't find group Power Users Group 'System Operators' (RID: 549) has member: Couldn't find group System Operators Group 'Administrators' (RID: 544) has member: Couldn't find group Administrators Group 'Backup Operators' (RID: 551) has member: Couldn't find group Backup Operators [+] Getting local groups: group:[sys] rid:[0x3ef] group:[tty] rid:[0x3f3] group:[disk] rid:[0x3f5] group:[mem] rid:[0x3f9] group:[kmem] rid:[0x3fb] group:[wheel] rid:[0x3fd] group:[man] rid:[0x407] group:[dip] rid:[0x439] group:[lock] rid:[0x455] group:[users] rid:[0x4b1] group:[slocate] rid:[0x413] group:[floppy] rid:[0x40f] group:[utmp] rid:[0x415] [+] Getting local group memberships: [+] Getting domain groups: group:[Domain Admins] rid:[0x200] group:[Domain Users] rid:[0x201] [+] Getting domain group memberships: Group 'Domain Users' (RID: 513) has member: Couldn't find group Domain Users Group 'Domain Admins' (RID: 512) has member: Couldn't find group Domain Admins I've been looking at other write up such https://blog.roskyfrosky.com/vulnhub/2017/04/01/Kioptrix1.0-vulnhub.html and found that they don't have this kind of issue. or https://blog.bladeism.com/kioptrix-level-1/ enum4linux 192.168.33.133 ========================== | Target Information | ========================== Target ……….. 192.168.33.133 RID Range …….. 500-550,1000-1050 Username ……… ” Password ……… ” Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none ====================================================== | Enumerating Workgroup/Domain on 192.168.33.133 | ====================================================== [+] Got domain/workgroup name: MYGROUP ============================================== | Nbtstat Information for 192.168.33.133 | ============================================== Looking up status of 192.168.33.133 KIOPTRIX – B Workstation Service KIOPTRIX – B Messenger Service KIOPTRIX – B File Server Service ..__MSBROWSE__. – B Master Browser MYGROUP – B Domain/Workgroup Name MYGROUP – B Master Browser MYGROUP – B Browser Service Elections MAC Address = 00-00-00-00-00-00 ======================================= | Session Check on 192.168.33.133 | ======================================= [+] Server 192.168.33.133 allows sessions using username ”, password ” ============================================= | Getting domain SID for 192.168.33.133 | ============================================= Domain Name: MYGROUP Domain Sid: (NULL SID) [+] Can’t determine if host is part of domain or part of a workgroup ======================================== | OS information on 192.168.33.133 | ======================================== [+] Got OS info for 192.168.33.133 from smbclient: Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.1a] [+] Got OS info for 192.168.33.133 from srvinfo: KIOPTRIX Wk Sv PrQ Unx NT SNT Samba Server platform_id : 500 os version : 4.5 server type : 0x9a03 =============================== | Users on 192.168.33.133 | =============================== Use of uninitialized value $users in print at ./enum4linux.pl line 874. Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 877. Use of uninitialized value $users in print at ./enum4linux.pl line 888. Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 890. =========================================== | Share Enumeration on 192.168.33.133 | =========================================== WARNING: The “syslog” option is deprecated Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.1a] Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.1a] Sharename Type Comment ——— —- ——- IPC$ IPC IPC Service (Samba Server) ADMIN$ IPC IPC Service (Samba Server) Server Comment ——— ——- KIOPTRIX Samba Server Workgroup Master ——— ——- MYGROUP KIOPTRIX WORKGROUP BLADEISM [+] Attempting to map shares on 192.168.33.133 //192.168.33.133/IPC$ [E] Can’t understand response: WARNING: The “syslog” option is deprecated Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.1a] NT_STATUS_NETWORK_ACCESS_DENIED listing \* //192.168.33.133/ADMIN$ [E] Can’t understand response: WARNING: The “syslog” option is deprecated Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.1a] tree connect failed: NT_STATUS_WRONG_PASSWORD

I have a network folder in my LAN, I have installed smbclient to access it with the command smbclient //xxx.xxx.xxx.xxx/share_folder --user=share/user%password I can access it. But how can I store the password to don't have to type it ? edit: correction

I'm using this command for testing the SMB connection: smbclient -A=credential_file -L \\hostname Sharename Type Comment --------- ---- ------- ADMIN$ Disk Remote Admin C$ Disk Default share Acme Disk Acme Directory Disk Share Disk SMB1 disabled -- no workgroup available I can explore the Acme directory because there isn't space in its name with this command : smbclient -A=credential_file \\\\hostname\\Acme -c "dir" but if I want to explore the directory Acme Directory with these command as example I've error message smbclient -A=credential_file \\\\hostname\\Acme\ Directory -c "dir" NT_STATUS_ACCESS_DENIED listing \* smbclient -A=credential_file \\\\hostname\\Acme\%20Directory -c "dir" tree connect failed: NT_STATUS_BAD_NETWORK_NAME How to explore directory with space in its name ?

I'm trying to delete files on a NetApp server using smbclient //servername/share -c "deltree directory_to_delete". It works except for folders which have the read-only flag set. In this case, the command aborts with NT_STATUS_CANNOT_DELETE. I can view the flags with smbclient //servername/share -c "ls directory_to_delete/*" and remove them with smbclient //servername/share -c "setmode directory_to_delete/subdir_with_ro_flag -r", but only per directory. Is there a way to automate this (remove the read-only flag recursively) or any other way how to recursively delete a directory with read-only subdirectories? Btw. the Windows explorer does not complain when deleting such directories (using the same credentials). I'm sure it removes the ro-flag silently.

I'm trying to connect to SMB share on my TrueNAS from my Fedora. It works well until I decided to enable encryption of SMB data. I put following in the service config on TrueNAS (global settings)

unix extensions = yes
server signing = required
client smb encrypt = required
server smb3 encryption algorithms = -AES-128-GCM -AES-128-CCM

and following in the particular SMB share (per-share settings)

server smb encrypt = required

Then, I tried to mount the SMB share by

sudo mount -t smb3 -o cred=,uid=1000,gid=1000,mfsymlinks ///NAS /mnt/NAS

and, boom, mount error(13): Permission denied. In dmesg, it says

[112496.066462] CIFS: Attempting to mount ///NAS
[112496.085283] CIFS: VFS: sign fail cmd 0x3 message id 0x3
[112496.085287] CIFS: VFS: \\ SMB signature verification returned error = -13
[112496.085290] CIFS: VFS: \\ failed to connect to IPC (rc=-13)
[112496.085294] CIFS: VFS: session 00000000639775cf has no tcon available for a dfs referral request
[112496.085480] CIFS: VFS: sign fail cmd 0x3 message id 0x4
[112496.085481] CIFS: VFS: \\ SMB signature verification returned error = -13
[112496.085684] CIFS: VFS: sign fail cmd 0x2 message id 0x5
[112496.085687] CIFS: VFS: \\ SMB signature verification returned error = -13
[112496.085690] CIFS: VFS: \\ __cifs_put_smb_ses: Session Logoff failure rc=-13
[112496.085700] CIFS: VFS: cifs_mount failed w/return code = -13

If I remove the line forcing AES-256 (disallowing AES-128):

server smb3 encryption algorithms = -AES-128-GCM -AES-128-CCM

the mount command will work fine. However, even if I keep the forcing AES-256 config, I can still connect to my SMB share from Finder on macOS and iOS, and from Dolphin on KDE (I use fedora with KDE). So, does smbclient in cli not support AES-256 encryption at all? Or can I turn something on and make the mount work totally fine? Btw, smbclient --version gives Version 4.19.4. --- Update: Following is the verbose output of mount as suggested by comment.

$ sudo mount -t smb3 --verbose -o cred=,uid=1000,gid=1000,mfsymlinks ///NAS /mnt/NAS
mount.smb3 kernel mount options: ip=,unc=\\\NAS,mfsymlinks,uid=1000,gid=1000,user=,pass=********
mount error(13): Permission denied
Refer to the mount.smb3(8) manual page (e.g. man mount.smb3) and kernel log messages (dmesg)

--- Update: Tried different sec options: * krb5/krb5i: * mount verbose outputs:

$ sudo mount -t smb3 --verbose -o cred=,uid=1000,gid=1000,mfsymlinks,sec= ///NAS /mnt/NAS
        mount.smb3 kernel mount options: ip=,unc=\\\NAS,mfsymlinks,sec=,uid=1000,gid=1000,user=,pass=********
        mount.smb3 kernel mount options: ip=,unc=\\\NAS,mfsymlinks,sec=,uid=1000,cruid=1000,gid=1000,user=,pass=********
        mount error(126): Required key not available
        Refer to the mount.smb3(8) manual page (e.g. man mount.smb3) and kernel log messages (dmesg)

* dmesg outputs:

[190212.841620] CIFS: Attempting to mount ///NAS
        [190212.851741] CIFS: VFS: unknown or missing server auth type, use krb5
        [190212.861466] CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed
        [190212.861472] CIFS: VFS: \\ Send error in SessSetup = -126
        [190212.861487] CIFS: VFS: cifs_mount failed w/return code = -126

* ntlm/ntlmi: * mount verbose outputs:

$ sudo mount -t smb3 --verbose -o cred=,uid=1000,gid=1000,mfsymlinks,sec= ///NAS /mnt/NAS
        mount.smb3 kernel mount options: ip=,unc=\\\NAS,mfsymlinks,sec=ntlm,uid=1000,gid=1000,user=,pass=********
        mount error(22): Invalid argument
        Refer to the mount.smb3(8) manual page (e.g. man mount.smb3) and kernel log messages (dmesg)

* dmesg outputs:

[190683.752148] bad security option: 

        [190683.752170] CIFS: VFS: bad security option:

* ntlmv2/ntlmv2i/ntlmssp/ntlmsspi: These four options makes no difference in mount verbose output or dmesg compared with not specifying any sec option. --- Update: Tried cifs with specifying vers option: * vers=2.0: * mount output:

mount.cifs kernel mount options: ip=,unc=\\\NAS,mfsymlinks,vers=2.0,uid=1000,gid=1000,user=,pass=********
        mount error(13): Permission denied
        Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

* dmesg:

[281141.068174] CIFS: Attempting to mount ///NAS
        [281141.085261] CIFS: VFS: \\ smb2_calc_signature: Could not find session
        [281141.085286] CIFS: VFS: \\ __cifs_put_smb_ses: Session Logoff failure rc=-2
        [281141.085298] CIFS: VFS: cifs_mount failed w/return code = -13

* vers=1.0: * mount output:

mount.cifs kernel mount options: ip=,unc=\\\NAS,mfsymlinks,vers=1.0,uid=1000,gid=1000,user=,pass=********
        mount error(95): Operation not supported
        Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

I removed mfsymlinks (which is not supported in SMB1.0?) but the output is the same. * demsg:

[281295.220579] Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers

        [281295.220601] CIFS: VFS: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers
        [281295.220609] CIFS: Attempting to mount ///NAS
        [281295.231815] CIFS: VFS: cifs_mount failed w/return code = -95

I am trying to get a SMB connection to a [HackTheBox](https://www.hackthebox.com/) box with an open SMB port. But smbclient throws an "ERROR NT_STATUS_IO_TIMEOUT" error every time. I've added client min protocol = CORE client max protocol = SMB3 to my /etc/samba/smb.conf file but this hasn't helped. What can I do?

I'm trying to do some enumeration on the kioptrix vm from vulnhub and failing to list available shares using smbclient. According to nmap tcp/139 is open. I've used metasploits auxiliary smb_version module and it looks like the Samba version is 2.2.1a. When I try to connect smbclient -L //x.x.x.x I get the error **protocol negotiation failed: NT_STATUS_IO_TIMEOUT**. So I connected back with Wireshark running and it looks like that smbclient is not advertising the particular dialect (2.2.1a) if i understand correctly, hence the connection is not established. In this post https://www.reddit.com/r/oscp/comments/fg956k/kali2020_htb_smbclient_protocol_negotiation/ it was recommended to add NT1 (smb version 1) as the minimum supported version but that's not how you would enumerate a target. Are there any reasons why the particular dialect would not be included in smbclient or am I simply wrrong here ? Thanks !

smbclient //10.206.241.204/C$ -U administrator -d 3 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[global]" added interface ens192 ip=10.206.241.215 bcast=10.206.241.255 netmask=255.255.254.0 Password for [SAMBA\administrator]: Client started (version 4.16.4). Connecting to 10.206.241.204 at port 445 GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'ncalrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'http_negotiate' registered Cannot do GSE to an IP address Got challenge flags: Got NTLMSSP neg_flags=0x628a8215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 Illegal instruction (core dumped) All VMs in question are using x86/x64 CPU architecture, 64-bit OSes. I just mention this because apparently having mixed CPU architecture in the environment can cause this (not applicable in my case). I have updated / uninstalled / reinstalled the SMB client - nothing changes. Can this be fixed? I am able to connect to SMB servers (Windows VMs) with other server (Ubuntu, PhotonOS, Windows), just not this RHEL 8.7 server. journalctl | grep smbclient Mar 01 14:30:45 RHEL-8-Salt-Master systemd-coredump: Process 4025418 (smbclient) of user 0 dumped core. Mar 01 14:33:56 RHEL-8-Salt-Master kernel: traps: smbclient trap invalid opcode ip:7f4d2928b78a sp:7ffdb5362480 error:0 in libgnutls.so.30.28.2[7f4d29146000+1dd000] Mar 01 14:33:56 RHEL-8-Salt-Master systemd-coredump: Resource limits disable core dumping for process 4026317 (smbclient). Mar 01 14:33:56 RHEL-8-Salt-Master systemd-coredump: Process 4026317 (smbclient) of user 0 dumped core. Mar 01 14:38:33 RHEL-8-Salt-Master kernel: traps: smbclient trap invalid opcode ip:7fadcdf3278a sp:7ffe81095480 error:0 in libgnutls.so.30.28.2[7fadcdded000+1dd000] Mar 01 14:38:33 RHEL-8-Salt-Master systemd-coredump: Resource limits disable core dumping for process 4027642 (smbclient). Mar 01 14:38:33 RHEL-8-Salt-Master systemd-coredump: Process 4027642 (smbclient) of user 0 dumped core.

i have an external hard drive connect to my TP-Link router and shared using USB Share, i am unable to connect to this Share from Ubuntu, i can only see shared volumes but can't gain access. I can connect to it from Windows and even from my Android device using X-plore File Manager. What can i do ? My router is old and it supports only SMBv1 shares.

I'm trying to make my samba share (running on Debian 10) writable but it seems that anything I try just breaks the share and I cannot access it anymore. Here's my current configuration: [MediaServer4TB] comment = Media Server 4TB browseable = yes path = /media/sf_filesrvr guest ok = no read only = no create mask = 0600 directory mask = 0700 security = user encrypt passwords = yes force user = root writeable = yes The client is an Ubuntu 20.04 LTS machine. Could the issue be that the machine is a virtual machine using a virtual folder as directory for the share? If yes, how would you proceed? **EDIT: I realized I can copy files and folders from the remote machine but I cannot move files inside the samba share. The directory /media/sf_filesrvr is writable by root (the user that is trying to access it)** Here is the log output for the specific client: [2022/05/01 15:33:49.864251, 3] ../../auth/ntlmssp/ntlmssp_sign.c:623(ntlmssp_sign_reset) NTLMSSP Sign/Seal - Initialising with flags: [2022/05/01 15:33:49.864280, 3] ../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x62088215 [2022/05/01 15:33:49.864331, 3] ../../auth/ntlmssp/ntlmssp_sign.c:623(ntlmssp_sign_reset) NTLMSSP Sign/Seal - Initialising with flags: [2022/05/01 15:33:49.864352, 3] ../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x62088215 [2022/05/01 15:33:49.864612, 3] ../../source3/auth/token_util.c:688(finalize_local_nt_token) Failed to fetch domain sid for WORKGROUP [2022/05/01 15:33:49.865078, 3] ../../source3/groupdb/mapping.c:854(pdb_create_builtin_alias) pdb_create_builtin_alias: Could not get a gid out of winbind [2022/05/01 15:33:49.865115, 2] ../../source3/auth/token_util.c:719(finalize_local_nt_token) WARNING: Failed to create BUILTIN\Administrators group! Can Winbind allocate gids? [2022/05/01 15:33:49.865611, 3] ../../source3/groupdb/mapping.c:854(pdb_create_builtin_alias) pdb_create_builtin_alias: Could not get a gid out of winbind [2022/05/01 15:33:49.865647, 2] ../../source3/auth/token_util.c:739(finalize_local_nt_token) WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids? [2022/05/01 15:33:49.866176, 3] ../../source3/groupdb/mapping.c:854(pdb_create_builtin_alias) pdb_create_builtin_alias: Could not get a gid out of winbind [2022/05/01 15:33:50.008196, 3] ../../source3/smbd/password.c:84(register_homes_share) Adding homes service for user 'root' using home directory: '/root'

Using smbclient and the 'get' command to move files from a Windows network share over to a Linux box. I can smbclient from Linux to the network share and bring individual files over by doing something like: smb: \Source\> get 'filename.txt' This automatically drops the file into whatever current directory I'm in on Linux - which is perfect. **My question is:** How do I stage a bunch of files on the network share, and then when I'm ready, transfer all of the files at once? Hoping I don't have to name every individual file I want to transfer.

I'm experiencing problems configuring samba on my Fedora machines. Everything has always worked great on CentOS but identical configurations are having problems with Fedora. I have three computers on the same network, lets call them: A, M, and L. All computers have identical [global] entries in their smb.conf. 'A' is running CentOS 7, has no problems, and can see all hosts and shares for A, M, and L according to smbtree. Both 'M' and 'L' are running Fedora 30 but cannot resolve any NETBIOS names (I can't ping the other machines by hostname), and see nothing on smbtree, not even its own shares. Interestingly, there is also a Windows machine on the network. Lets call this machine 'W'. All of the Linux systems can resolve this machine by its hostname and ping it. The problem is with the Linux machines talking with each other. smb.conf (all machines): [global] workgroup = WORKGROUP security = user passdb backend = tdbsam printing = cups printcap name = cups load printers = yes cups options = raw hosts allow = 127. 10.0.1. ntlm auth = yes Firewall open services (all machines): samba ntp dhcpv6-client ssh samba-client Note that the Fedora machines also allow the mdns through the firewall. That's it. It should be simple but it's not working. What's going on?

A Linux-based multimedia-box I have runs smbd, which reports its version as **3.0.30**. smbclient 4.10 used to be able to connect to it, but, after upgrading the client to **4.13.8**, I'm getting NT_STATUS_CONNECTION_DISCONNECTED immediately upon startup... I'm sure, this is due to some option being disabled in the latest versions of Samba -- but which one? Can I enable it back by editing smb.conf (how?), or is it removed completely and I need to downgrade the client (to 4.12?)? At debug level 9, here is, what I get:

Processing section "[global]"
doing parameter raw NTLMv2 auth = yes
lpcfg_do_global_parameter: WARNING: The "raw NTLMv2 auth" option is deprecated
doing parameter lanman auth = yes
lpcfg_do_global_parameter: WARNING: The "lanman auth" option is deprecated
doing parameter ntlm auth = yes
doing parameter log level = auth:1000
doing parameter workgroup = Xxxxxxx
doing parameter server string = Xxxxx Samba Server
doing parameter security = user
doing parameter client use spnego = yes
lpcfg_do_global_parameter: WARNING: The "client use spnego" option is deprecated
doing parameter hosts allow = 192.168.1. 127.
doing parameter load printers = yes
doing parameter guest account = nobody
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 50
doing parameter socket options = SO_RCVBUF=8192 SO_SNDBUF=8192
doing parameter dns proxy = no
doing parameter unix charset = koi8-u
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface bce1 ip=192.168.1.8 bcast=192.168.1.255 netmask=255.255.255.0
added interface ib0 ip=192.168.2.11 bcast=192.168.2.255 netmask=255.255.255.0
added interface ib1 ip=192.168.3.11 bcast=192.168.3.255 netmask=255.255.255.0
Netbios name list:-
my_netbios_names="xxxx"
Client started (version 4.13.8).
Opening cache file at /var/db/samba4/gencache.tdb
sitename_fetch: No stored sitename for realm ''
name dune1#20 found.
Connecting to 192.168.1.167 at port 445
Socket options:
        SO_KEEPALIVE = 0
        SO_REUSEADDR = 0
        SO_BROADCAST = 0
        TCP_NODELAY = 0
        TCP_KEEPCNT = 8
        TCP_KEEPIDLE = 7200
        TCP_KEEPINTVL = 75
        IPTOS_LOWDELAY = 0
        IPTOS_THROUGHPUT = 0
        SO_REUSEPORT = 0
        SO_SNDBUF = 8192
        SO_RCVBUF = 8192
        SO_SNDLOWAT = 2048
        SO_RCVLOWAT = 1
        SO_SNDTIMEO = 0
        SO_RCVTIMEO = 0
 session request ok
protocol negotiation failed: NT_STATUS_CONNECTION_DISCONNECTED

After downgrading back to 4.10, the above verbose logging ends with the proper password prompt:

Connecting to 192.168.1.167 at port 445
Socket options:
        SO_KEEPALIVE = 0
        SO_REUSEADDR = 0
        SO_BROADCAST = 0
        TCP_NODELAY = 0
        TCP_KEEPCNT = 8
        TCP_KEEPIDLE = 7200
        TCP_KEEPINTVL = 75
        IPTOS_LOWDELAY = 0
        IPTOS_THROUGHPUT = 0
        SO_REUSEPORT = 0
        SO_SNDBUF = 8192
        SO_RCVBUF = 8192
        SO_SNDLOWAT = 2048
        SO_RCVLOWAT = 1
        SO_SNDTIMEO = 0
        SO_RCVTIMEO = 0
 session request ok
 negotiated dialect[NT1] against server[dune1]
Enter Xxxx\xx's password:

Has the "**NT1 dialect**" been removed from Samba-4.12 and 4.13? Can I enabled it back through config-file?

Im trying to transfer a file using samba. I started a smbserver and can not connect to it. Command: smbclient -L //ip address/temp Error: protocol negotiation failed: NT_STATUS_NOT_SUPPORTED

I want to access an SMB share on our intranet. * When I execute

smbclient -L //intranet.host/ -U myuser

I can enter my password and get a list of all shares. * When I want to enter the smb shell with

smbclient //intranet.host/ -U myuser

I'm not asked for my password and the command returns without any output. What am I missing here?

Gleaning from the [Arch Linux Wiki entry](https://wiki.archlinux.org/index.php/Samba) , I have what I think is the minimal setup of accessing a Windows shared drive via SMB from my Arch Linux 4.20.6: * sudo pacman -S samba * sudo echo "logging = systemd" >> /etc/samba/smb.conf since the smb service needs this config file, otherwise it'll crash with the error: Job for smb.service failed because the control process exited with error code. See "systemctl status smb.service" and "journalctl -xe" for details. * sudo systemctl start smb Assuming that the remote Windows machine is at 172.16.17.52, I'm able to list the share names with smbclient -L 172.16.17.52 -U MyUserName%MyPassword -W OurWindowsDomain Among those is a service of type "Disk" with share name OurRemoteDirectory that I'd like to access, i.e., transfer files from and to it. Hoping to be able to access OurRemoteDirectory on the shared drive, I issued smbclient 172.16.17.52/OurRemoteDirectory -U MyUserName%MyPassword -W OurWindowsDomain But that produced this error message: Unable to initialize messaging context 172.16.17.52: Not enough '\' characters in service How can I fix this error and access OurRemoteDirectory on the shared drive?

I'm having problems connecting my Debian Linux system to my Windows SMB share. The other windows VMs have no problem mounting the drive, just Linux. * This VM is connected to the AD by realmd, and using sssd. **The ERROR -**

gensec_spnego_client_negTokenInit_step: gse_krb5: creating NEG_TOKEN_INIT for cifs/windows-2016-dc failed (next[(null)]): NT_STATUS_NO_MEMORY

**What I've done so far** Installed samba, samba-common samba-client mkdir /mnt/smb Within the /etc/samba/smb.conf

workgroup = MYSERVER.ads.com

Right at the bottom

[smb]
comment = SMB
path = /mnt/smb
browsable = yes
writable = yes
read only = no
guest ok = yes
create mask = 0666
directory mask = 0777
force directory mode = 0777
valid users = @admin, @staff, @developer

sudo service smbd restart test parm sudo smbclient "//windows-2016-dc/SMB" -U administrator

I have set up a server with Fedora 33 and joined it to an Active Directory. This worked successful and users can authenticate themselves with their Active Directory user names. I can also see my Linux computer in the Active Directory under "Computers". Now I would like to mount a SMB share. However, I am unable to do so and I don't know why. I log in to the server using my AD username and password, which works fine. I can also list my Kerberos tickets: $ klist Ticket cache: KCM:1089742435:31950 Default principal: username@DOMAIN Valid starting Expires Service principal 02/10/2021 11:14:34 02/10/2021 21:14:34 krbtgt/DOMAIN@DOMAIN renew until 02/11/2021 11:14:34 so far, this looks good in my opinion. Then, I try to list the SMB shares: smbclient -L //server/share -m SMB3 -k however, this fails, even though I should have access with my Kerberos ticket. The error shown is: gensec_spnego_client_negTokenInit_step: gse_krb5: creating NEG_TOKEN_INIT for cifs/nas-iap.unibe.ch failed (next[(null)]): NT_STATUS_INVALID_PARAMETER session setup failed: NT_STATUS_INVALID_PARAMETER I don't understand this error. If I try without the -k parameter, the username is correct and I can enter my AD password and see all shares: $ smbclient -L //server/share -m SMB3 Enter username@DOMAIN's password: Sharename Type Comment --------- ---- ------- (fancy list of all shares available) SMB1 disabled -- no workgroup available What is interesting, though, is that kinit -k fails for reasons I don't understand: $ kinit -k kinit: Client 'host/computername@DOMAIN' not found in Kerberos database while getting initial credentials My first step should be to be able to mount the SMB shares. Later on I would like to add them to the fstab with the multiuser option.

I am trying to write shell script in Linux server, which will notify the user about arrival of new file on Windows shared drive. Most of the solutions suggests following approach: 1. Mount Windows shared folder on Linux 2. Enable polling through Linux shell scripting. However I want to achieve this operation without mounting Windows drive on Linux, as mount operation is not allowed due to access issues.