OmniOS and SMBv1?


securityfirst

Hi

We are currently evaluating a storage appliance built on OmniOS v11 r151020 and can't join it to our Active Directory Domain with Windows Server 2016 Domain Controllers with SMBv1 disabled.

We have done a lot of troubleshooting and always end up with the following errors:
smbd[3792]: [ID 504517 daemon.error] smbd: failed getting domain info for OURDOMAIN.LOCAL (NETWORK_ACCESS_DENIED)
smbd[3792]: [ID 871254 daemon.error] smbd: failed joining OURDOMAIN.LOCAL (NETWORK_ACCESS_DENIED)
smbd[3792]: [ID 931549 daemon.error] ndr_rpc_bind: smbrdr_ctx_new(Srv=OUR-DC.LOCAL Dom=OURDOMAIN.LOCAL User=administrator), NETWORK_ACCESS_DENIED (0xc00000ca)
smbd[3792]: [ID 504517 daemon.error] smbd: failed getting domain info for OURDOMAIN.LOCAL (NETWORK_ACCESS_DENIED)
smbd[3792]: [ID 871254 daemon.error] smbd: failed joining OURDOMAIN.LOCAL (NETWORK_ACCESS_DENIED)


We have tried changing various parameters like the following:
sharectl set -p lmauth_level=4 smb
sharectl set -p max_protocol=3.0 smb
sharectl set -p pdc=x.x.x.x smb
sharectl set -p ddns_enable=false smb
sharectl set -p ads_site="Default-First-Site-Name" smb


But I have a bad feeling that OmniOS/Solaris only supports SMBv1 for this and was hoping to get a confirmation on that from this forum?
Or maybe some settings we haven't thought of yet. (Our experience with OmniOS/Solaris is minimal after all.)
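
An added example, not part of the original post or of OmniOS: a small Python triage script for smbd messages in the format quoted above, which groups the join failures and lists the domain controllers that refused the RPC bind. The sample log is constructed from the quoted lines plus one invented notice line, and the function names are hypothetical.

```python
import re
from collections import Counter

STATUS_NETWORK_ACCESS_DENIED = 0xC00000CA  # NT status value shown in the quoted log

# Constructed sample: three lines in the format quoted in the post, plus one
# invented non-error line to show that unrelated messages are skipped.
SAMPLE_LOG = """\
smbd[3792]: [ID 504517 daemon.error] smbd: failed getting domain info for OURDOMAIN.LOCAL (NETWORK_ACCESS_DENIED)
smbd[3792]: [ID 871254 daemon.error] smbd: failed joining OURDOMAIN.LOCAL (NETWORK_ACCESS_DENIED)
smbd[3792]: [ID 931549 daemon.error] ndr_rpc_bind: smbrdr_ctx_new(Srv=OUR-DC.LOCAL Dom=OURDOMAIN.LOCAL User=administrator), NETWORK_ACCESS_DENIED (0xc00000ca)
smbd[3792]: [ID 100000 daemon.notice] smbd: service initialized
"""

ENTRY = re.compile(r"smbd\[(\d+)\]: \[ID (\d+) (\w+)\.(\w+)\] (.*)")
JOIN = re.compile(r"smbd: failed (getting domain info for|joining) (\S+) \((\w+)\)")
BIND = re.compile(r"ndr_rpc_bind: smbrdr_ctx_new\(Srv=(\S+) Dom=(\S+) User=([^)]+)\), "
                  r"(\w+) \((0x[0-9a-fA-F]+)\)")

def triage(log_text):
    """Summarise smbd domain-join errors: failure counts and RPC bind attempts."""
    failures, binds = Counter(), []
    for line in log_text.splitlines():
        entry = ENTRY.search(line)  # search() tolerates a syslog timestamp/host prefix
        if not entry or entry.group(4) != "error":
            continue
        msg = entry.group(5)
        if (m := JOIN.match(msg)):
            stage = "join" if m.group(1) == "joining" else "domain-info"
            failures[(m.group(2), stage, m.group(3))] += 1
        elif (m := BIND.match(msg)):
            binds.append({"server": m.group(1), "domain": m.group(2),
                          "user": m.group(3), "status": m.group(4),
                          "code": int(m.group(5), 16)})
    return {"failures": failures, "binds": binds}

def denied_servers(report):
    """Domain controllers whose RPC bind was refused with NETWORK_ACCESS_DENIED."""
    return sorted({b["server"] for b in report["binds"]
                   if b["code"] == STATUS_NETWORK_ACCESS_DENIED})

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for (domain, stage, status), n in sorted(report["failures"].items()):
        print(f"{domain}: {stage} failed x{n} ({status})")
    for server in denied_servers(report):
        print(f"{server}: bind refused; check which SMB dialects this DC still accepts")
```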
 

gea

This is not a question of the OS but the SMB server.

I would expect that the Solarish ZFS/kernel-based SMB v 2.1 server on OmniOS requires SMB v1 to establish communication. This may be different on Solaris (11.4 comes with a new kernel-based SMB3 server) or NexentaStor (based on Illumos like OmniOS but with SMB3 now) or the usual SAMBA that you can use on any X.
 

nle

Any news on the SMB support? The progress is at 90% on the link @gea provided, but then it seemed to stop?

We're seeing some quirks regarding locked files (i.e. Photoshop/PSD files often get locked when editing, not allowing you to save and overwrite, so you need to save to a new file, manually delete the old one and rename). I'm hoping that is an issue that disappears with a newer implementation of SMB.
 

gea

This is only about the SMB 2 client in Illumos. You only need the newer client to join a Windows Domain where SMB1 is disabled.

Your problem seems more related to either nbmand (ZFS property) or oplock settings (SMB property, see Services > SMB > Properties).
 

chune

Has anybody confirmed joining a domain works with SMBv1 disabled? I'm assuming normal CIFS fileshares work with SMBv1 disabled now too?
 

gea

I have not tried, but I assume that it works, as the OmniOS SMB client is also SMB 2/3, so no need for SMB1 on the AD side.