Set the SMB protocol #53

Closed
jaysonhelseth opened this issue Feb 22, 2017 · 26 comments

@jaysonhelseth

Our organization has shut down the use of SMB protocol (version) 1.0. Is there a way to force php smbclient to use a different protocol such as 2.0, 2.1, or 3.0?

@eduardok
Owner

Try adding these lines to the [global] section of your smb.conf (on the server you have php smbclient installed):
min protocol = LANMAN2
max protocol = SMB3

Then retry connecting.

@jaysonhelseth
Author

I added the settings that you suggested and even restarted the server. I still couldn't even see the shared folder. I am using smbclient 4.1.12 on CentOS 7.1 64bit. The smbclient command failed too. Once I added -mSMB3 to the smbclient command I saw folder information. I just want to be able to do something like that for the php smbclient library.

@eduardok
Owner

I will take a look, and see what command-line smbclient is using, and have an idea of how easy it would be to implement.

@jvillafanez

Bump!

I'd also like to have an option to set the min and max protocols for the connection. I need to force a SMB2 protocol to connect correctly to a server, otherwise there are issues with the target SMB server (this also happens with the smbclient binary, so it isn't an issue with this library)

Setting the client min and max protocols in the smb.conf file is fine as a workaround (it's working fine with this library also), but this will likely affect connections to other servers, which is something I'd like to avoid.

@chrone81

@jvillafanez are you able to browse SMB2/SMB3 in your PHP app?

I use Nextcloud 12 and php-smbclient from PECL on Ubuntu 16.04.2. I could not browse SMB2/SMB3 on Windows with joined Domain but I could browse the shared folder using smbclient CLI though.

Both of the commands below work though:
smbclient //dfs/Data -U domain\\chrone81 -m SMB3
smbclient //dfs/Data -U domain/chrone81 -m SMB3

Due to the recent WannaCry vulnerability, most Windows machines disabled SMBv1. Looking forward to this SMB2/3 protocol being implemented in a future php-smbclient.

Thanks for the work @eduardok :)

@jvillafanez

It works in ownCloud ¯_(ツ)_/¯ . No problems browsing with SMB2 protocol.

@aklomp
Collaborator

aklomp commented May 31, 2017

From looking at the code, the -M in smbclient seems to send a NETBIOS message to the server. The library that we wrap, libsmbclient, does not have any methods to send NETBIOS messages, nor does it seem to have a method to set the SMB version. We'd have to implement the NETBIOS protocol by ourselves to be able to do that, and that's far, far out of scope of this wrapper. The way forward seems to be either to use another PHP library to send the NETBIOS message, or to add the functionality upstream inside libsmbclient itself.

@jvillafanez

@aklomp It isn't that option. -M is used to send a message to a host (as far as I understand), but -m is used to set the max protocol the client will use. (It's weird you can't set the minimum protocol from the command line.)

@aklomp
Collaborator

aklomp commented May 31, 2017

@jvillafanez You're right, after some digging around this seems to be the option you're talking about. It's in a Samba4 library that handles commandline option parsing.

Searching on the string maxprotocol, we find traces of it inside Samba4's header for "libcli". Apparently this "libcli" thing is Samba4's replacement for the old smbclient, and thus maybe also for the old libsmbclient (the library our project is wrapping). Is libsmbclient now "legacy"? Should we migrate to this new "libcli" thing?

Fact is that the libsmbclient header hasn't been updated in a long time and doesn't have any hooks through which to set the protocol version (which sort of ends the discussion on this issue as far as this project is concerned, since we can only use what libsmbclient provides). If the other Samba stuff uses libcli features, and libcli is being actively developed, then we're probably a generation behind. Hmm.

@stefanotoro

To my understanding this problem is not resolved, and the module is not compatible with SMB v2/v3, right?
If it is compatible, please send us the real step to install (with dependencies) and configure it.
Thank you

@protocol6v

protocol6v commented Sep 18, 2017

I am running into the same issues, so I would tend to agree the issue is not resolved. If it was, I haven't been able to find the proper steps for working around it. Anybody have anything?

@stefanotoro

Nope for us, we don't use this tool anymore.

@urbenlegend

urbenlegend commented Nov 9, 2017

Hi all, I ran into the same issue when trying to mount an external file storage into Nextcloud. I found out I was able to get php-smbclient to negotiate using SMB2+ by adding

[global]
client max protocol = SMB3

Note that you should use client max protocol rather than max protocol. max protocol is a synonym for max server protocol which controls the max protocol that the SMB server will negotiate. However, in this case we want to tell php-smbclient to use a higher protocol when connecting to a SMB server, so we need to add client max protocol to the machine that's using php-smbclient. This is probably why @jaysonhelseth was still having issues after making the changes proposed by @eduardok in #53 (comment)

@fsmeets

fsmeets commented Jan 19, 2018

What @urbenlegend said is correct. On FreeBSD I added those two lines to /usr/local/etc/smb4.conf

This was with nextcloud 13.0 RC1 and samba 4.6.12 installed.

@protocol6v

Hi All,

I really, REALLY want to get this working, but still having the same issues after adding "client max protocol = SMB3" to the smb.conf on CentOS NC 12.0.4 server.

Did you make any other changes to get it to work? Am I modifying the wrong file? (/etc/samba/smb.conf)?

I tried restarting Samba, as well as a full server reboot after making the change.

Thanks!

@fsmeets

fsmeets commented Jan 23, 2018

I'd try to also "set client min protocol = ..." depending on the samba version it might use older protocol versions by default and needs to be forced to use higher versions. But that's just a guess. That's what I'd try next.

@protocol6v

I tried adding both of those options with absolutely no effect. I did finally solve it though...

I ended up having to add remi-stable repo, install php71-php-smbclient and libsmbclient-devel. I then installed 'smbclient' via pecl. Added 'extension=smbclient.so' to php.ini, rebooted and BAM! my SMB's mounted when I logged into NextCloud.

Here are the steps I took for anyone else having the problem. I am running Centos 7 with PHP7.1:

wget http://rpms.famillecollet.com/enterprise/7/remi/x86_64/remi-release-7.4-1.el7.remi.noarch.rpm
rpm -Uvh remi-release-7.4-1.el7.remi.noarch.rpm
yum --enablerepo=remi-test
yum install php71w-devel libsmbclient-devel php71-php-smbclient gcc 
pecl install smbclient
nano /etc/php.ini >> add extension=smbclient.so to "Dynamic Extensions" section
reboot

Maybe some of this was unnecessary, and maybe someone who knows this stuff better than me can comment, but hell, it's working now.

@remicollet
Contributor

@protocol6v your steps are totally wrong: you mix php71w (webtatic) packages and php71-php ones (scl from my repo) and a source build (pecl install).

Simply follow the Wizard instructions

@protocol6v

Thanks Remi, I'll give that a try on my next build. I've tried so many things to get this working, and nothing from one place seemed to do the trick. Also, the SMB mounts in NC12 now seem SIGNIFICANTLY faster with what I did than they previously did in NC11. I hope this holds true with your (correct) solution.

Will report back once I test.

@jvillafanez

Let me remind everyone that this is the libsmbclient-php issue tracker, not ownCloud nor nextcloud ones. Nobody cares about what apps above the library are doing.

You have #53 (comment) as a workaround for the problem until we get a proper solution, which given the explanations I doubt it comes (that's how it is, no hard feelings), so I guess this can be closed as "won't fix" or "out of scope"

@JSzaszvari

> Try adding these lines to the [global] section of your smb.conf (on the server you have php smbclient installed):
> min protocol = LANMAN2
> max protocol = SMB3
>
> Then retry connecting.

@eduardok Don't you mean

client min protocol = LANMAN2
client max protocol = SMB

@wouterVE

wouterVE commented Sep 4, 2019

I've had similar problems in Ubuntu 16.04 using NC 16.
After disabling SMBv1 the external windows shares didn't mount throwing this error in the log:

Icewind\SMB\Exception\TimedOutException: /company/IT/company%20ltd/company%20Cloud/Sales
/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php - line 62:
Icewind\SMB\Exception\Exception::fromMap({ 1: "Icewin ... "}, 110, "/company/IT/company ... s")
/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php - line 74:
Icewind\SMB\Native\NativeState->handleError("/company/IT/company ... s")
/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php - line 184:
Icewind\SMB\Native\NativeState->testResult("*** sensiti ... *", "smb://company-0 ... s")
/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeShare.php - line 133:
Icewind\SMB\Native\NativeState->stat("smb://company-0 ... s")
/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeShare.php - line 112:
Icewind\SMB\Native\NativeShare->getStat("/company/IT/company ... s")
/var/www/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php - line 169:
Icewind\SMB\Native\NativeShare->stat("/company/IT/company ... s")
/var/www/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php - line 272:
OCA\Files_External\Lib\Storage\SMB->getFileInfo("/company/IT/company ... s")
/var/www/nextcloud/lib/private/Files/Storage/Common.php - line 452:
OCA\Files_External\Lib\Storage\SMB->stat("")
/var/www/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php - line 586:
OC\Files\Storage\Common->test()
/var/www/nextcloud/apps/files_external/lib/config.php - line 269:
OCA\Files_External\Lib\Storage\SMB->test("*** sensiti ... *", "*** sensiti ... *")
/var/www/nextcloud/apps/files_external/lib/Controller/StoragesController.php - line 256:
OC_Mount_Config::getBackendStatus("*** sensiti ... *")
/var/www/nextcloud/apps/files_external/lib/Controller/StoragesController.php - line 305:
OCA\Files_External\Controller\StoragesController->updateStorageStatus("*** sensiti ... *")
/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 166:
OCA\Files_External\Controller\StoragesController->show(22, "*** sensiti ... *")
/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 99:
OC\AppFramework\Http\Dispatcher->executeController(OCA\Files_Ex ... {}, "show")
/var/www/nextcloud/lib/private/AppFramework/App.php - line 126:
OC\AppFramework\Http\Dispatcher->dispatch(OCA\Files_Ex ... {}, "show")
/var/www/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php - line 47:
OC\AppFramework\App::main("OCA\\Files_ ... r", "show", OC\AppFramew ... {}, { id: "22",_ ... "})
<<closure>>
OC\AppFramework\Routing\RouteActionHandler->__invoke({ id: "22",_ ... "})
/var/www/nextcloud/lib/private/Route/Router.php - line 297:
call_user_func(OC\AppFramew ... {}, { id: "22",_ ... "})
/var/www/nextcloud/lib/base.php - line 975:
OC\Route\Router->match("/apps/files ... 2")
/var/www/nextcloud/index.php - line 42:
OC::handleRequest()

After adding the following code to my /etc/smb.conf my shares were immediately available again

client min protocol = SMB2
client max protocol = SMB3

(note: SMB2 may possibly be changed to LANMAN2 as well, not sure)

@eduardok
Owner

eduardok commented Jan 2, 2021

From libsmbclient's manual page: "When libsmbclient is invoked by an application it searches for a directory called .smb in the $HOME directory that is specified in the users shell environment. It then searches for a file called smb.conf which, if present, will fully over-ride the system /etc/samba/smb.conf file. If instead libsmbclient finds a file called ~/.smb/smb.conf.append, it will read the system /etc/samba/smb.conf and then append the contents of the ~/.smb/smb.conf.append to it."

The server can force it via (example):

min protocol = SMB2
max protocol = SMB3

But the client should ideally just match it via (example):

client min protocol = SMB2
client max protocol = SMB3

Because of that option (config files), I don't believe anything needs to be changed on php-smbclient, but I've introduced smbclient_client_protocols, see branch issue53: a25e600
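
An added example, not part of the original thread and not the project's own code: a POSIX shell check that applies the file precedence quoted from the libsmbclient manual page and reports whether the resulting client min protocol still admits SMB1-era dialects, such as the LANMAN2 and NT1 values mentioned in this thread. The function names, paths and sample files are constructed for illustration, and treating lines before any section header as global is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): which "client min protocol" does
# libsmbclient end up with, given the override/append rule quoted above?

# Print the last "client min protocol" set in [global] across the given files.
last_client_min() {
    awk '
        BEGIN { in_global = 1 }        # assumption: text before any header is global
        /^[ \t]*[#;]/ { next }         # comment line
        /^[ \t]*\[/ {                  # section header such as [global]
            s = tolower($0)
            sub(/^[ \t]*\[[ \t]*/, "", s); sub(/[ \t]*\].*$/, "", s)
            in_global = (s == "global"); next
        }
        in_global && (eq = index($0, "=")) {
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            if (key == "clientminprotocol") {   # names ignore case and spaces
                val = toupper(substr($0, eq + 1)); gsub(/[ \t\r]/, "", val)
            }
        }
        END { print val }' "$@"
}

# effective_client_min SYSCONF HOME: apply the manual page file precedence.
effective_client_min() {
    if [ -f "$2/.smb/smb.conf" ]; then
        last_client_min "$2/.smb/smb.conf"                # replaces the system file
    elif [ -f "$2/.smb/smb.conf.append" ]; then
        last_client_min "$1" "$2/.smb/smb.conf.append"    # system file, then append
    else
        last_client_min "$1"
    fi
}

# classify VALUE: does this minimum still let the client negotiate SMB1?
classify() {
    case $1 in
        SMB2*|SMB3*) echo "smb2-or-newer" ;;
        "")          echo "unset-samba-default-applies" ;;
        *)           echo "smb1-allowed" ;;   # CORE, COREPLUS, LANMAN1, LANMAN2, NT1
    esac
}

# Constructed sample: system file pins SMB2, a per-user append lowers it again.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/home/.smb"
    printf '[global]\n  client min protocol = SMB2\n  client max protocol = SMB3\n' > "$d/smb.conf"
    printf '[global]\nclient min protocol = LANMAN2\n' > "$d/home/.smb/smb.conf.append"
    v=$(effective_client_min "$d/smb.conf" "$d/home")
    echo "$v $(classify "$v")"
    rm -rf "$d"
}
demo
```

Point `effective_client_min` at the real system file and the home directory of the account the PHP process runs as to check a live host.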

@mmattel

mmattel commented Jan 20, 2021

I have filed an issue but have overlooked this one, see #77

Please add this feature quickly (and provide it also via pecl), it is needed a lot.

As a reason for having it, imagine the situation where you have one (or a few) older smb fileservers and some new ones. This situation has a deadlock. When setting in smb.conf the client min protocol = NT1 you can access the older ones, but lock out the new ones and vice versa. Having an option you can hand over per connection solves this issue. This would be in line with using smbclient from the command line with the -m NT1 option.

@eduardok
Owner

I've just released v1.0.2 via PECL, that introduces smbclient_client_protocols($state, 'min protocol', 'max protocol'), where you can call it like:

smbclient_client_protocols($state, 'NT1', 'SMB3');

or

smbclient_client_protocols($state, 'SMB3', 'SMB3');

Took a leap of faith and set it as a stable release after some manual tests and tcpdump'ing.
There is no function to return the current min and max protocols, so I chose not to make it long as smbclient_set_client_protocols or similar, but fine to rename if it helps enough people (for better clarity).

@remicollet
Contributor

I think it could be useful to also allow setting these values in context for stream users

So, see PR #78
