Skip to Main Content
Forums

Infrastructure Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Solaris 11.3 no longer able to talk to AD with SMB1 disabled

Andrew WatkinsJul 12 2018 — edited Jul 30 2018

Last night my clever Windows Administrator decided to disable SMB1 on Windows 2012R2 AD servers, which meant my Solaris 11.3 SMB server failed.

Errors:
Jul 11 20:06:33 filesrv smbd[667]: [ID 649633 daemon.notice] ndr_rpc_bind[tid=410339]: \\dcsntdc03.dcs.bbk.ac.uk\PIPE\lsarpc: Connection reset by peer (131)
Jul 11 20:06:33 filesrv smbd[667]: [ID 649633 daemon.notice] ndr_rpc_bind[tid=9]: \\dcsntdc01.dcs.bbk.ac.uk\PIPE\srvsvc: Connection reset by peer (131)
Jul 11 20:06:33 filesrv smbd[667]: [ID 649633 daemon.notice] ndr_rpc_bind[tid=9]: \\dcsntdc02.dcs.bbk.ac.uk\PIPE\srvsvc: Connection reset by peer (131)
Jul 11 20:06:33 filesrv smbd[667]: [ID 649633 daemon.notice] ndr_rpc_bind[tid=410339]: \\dcsntdc03.dcs.bbk.ac.uk\PIPE\lsarpc: Connection reset by peer (131)
Jul 11 20:06:33 filesrv smbd[667]: [ID 649633 daemon.notice] ndr_rpc_bind[tid=9]: \\dcsntdc01.dcs.bbk.ac.uk\PIPE\srvsvc: Connection reset by peer (131)
Jul 11 20:06:33 filesrv smbd[667]: [ID 649633 daemon.notice] ndr_rpc_bind[tid=9]: \\dcsntdc02.dcs.bbk.ac.uk\PIPE\srvsvc: Connection reset by peer (131)
and rejoining the domain gets:
# smbadm join -u admin dcs.bbk.ac.uk
After joining dcs.bbk.ac.uk the smb service will be restarted automatically.
Would you like to continue? [no]: yes
Enter domain password: 
Locating DC in dcs.bbk.ac.uk ... this may take a minute ...
Jul 12 12:37:48 atlasold smbd[8065]: [ID 649633 daemon.notice] ndr_rpc_bind[tid=7]: \\dcsntdc01.dcs.bbk.ac.uk\PIPE\srvsvc: Network is unreachable (128)
Jul 12 12:37:58 atlasold smbd[8065]: [ID 830222 daemon.notice] ndr_rpc_uncgen: \srvsvc: no server
Jul 12 12:38:03 atlasold smbd[8065]: [ID 649633 daemon.notice] ndr_rpc_bind[tid=7]: \\.\PIPE\srvsvc: unable to resolve server name (61)
Jul 12 12:38:03 atlasold smbd[8065]: [ID 830222 daemon.notice] ndr_rpc_uncgen: \lsarpc: no server
Jul 12 12:38:08 atlasold smbd[8065]: [ID 649633 daemon.notice] ndr_rpc_bind[tid=7]: \\.\PIPE\lsarpc: unable to resolve server name (61)
failed to find any domain controllers for dcs.bbk.ac.uk
# Jul 12 12:38:18 atlasold smbd[8065]: [ID 702911 daemon.error] smbd: failed locating domain controller for dcs.bbk.ac.uk

So, it looks like it is using SMB1 to make the connection, but unable to see how to force it to use SMB2. I am unable to change the client_maxprotocol  either.

# sharectl get smb
system_comment=
max_workers=1024
max_connections=32768
netbios_scope=
client_lmauth_level=4
server_lmauth_level=5
keep_alive=900
wins_server_1=
wins_server_2=
wins_exclude=
client_signing_required=false
server_signing_enabled=false
server_signing_required=false
client_maxprotocol=1
server_maxprotocol=2.0
restrict_anonymous=false
enforce_vczero=true
pdc=
ads_site=
ddns_enable=false
dns_suffix=
autohome_map=/etc
ipv6_enable=true
print_enable=false
map=
unmap=
disposition=
sharectl set -p client_maxprotocol=2 smb
Could not set property client_maxprotocol: invalid property value

Tested Solaris 11.4 and it all works, so do I have to wait for 11.4 to be released?

Thanks

Andrew
This post has been answered by Andrew Watkins on Jul 12 2018
Jump to Answer
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Aug 27 2018
Added on Jul 12 2018
#oracle-solaris, #solaris-11
3 comments
1,332 views