I am running Samba version 4.11.6 on Ubuntu 20.04 LTS Server. Ubuntu and Windows 10 clients are able to access shares directly by name, but attempting to browse the server’s shares fails, because the client’s request for the IPC$ share is denied due to lack of encryption or signing of the request, even when the server is configured not to require encryption or signing:
[global] nt pipe support = no netbios name = fileserver workgroup = WORKGROUP server string = %h dns proxy = yes name resolve order = lmhosts host wins bcast interfaces = enp1s0 lo bind interfaces only = yes log level = 9 max log size = 1000 panic action = /usr/share/samba/panic-action %d security = user map to guest = bad user guest account = nobody force group = +mydocs encrypt passwords = true passdb backend = tdbsam invalid users = root domain logons = no load printers = no socket options = TCP_NODELAY client max protocol = default local master = yes preferred master = yes os level = 65 guest ok = yes client ipc signing = off smb encrypt = off [my_documents] comment = My Documents path = /export/share/my_documents browseable = yes writable = yes create mask = 0775 guest ok = yes
[2020/08/02 16:17:36.842128, 4] ../../source3/smbd/sec_ctx.c:319(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2020/08/02 16:17:36.842185, 5] ../../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2020/08/02 16:17:36.842221, 5] ../../source3/auth/token_util.c:873(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2020/08/02 16:17:36.842282, 5] ../../source3/smbd/uid.c:503(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2020/08/02 16:17:36.842361, 1] ../../source3/smbd/smb2_tcon.c:229(smbd_smb2_tree_connect) smbd_smb2_tree_connect: reject request to share [IPC$] as 'FILESERVER\james' without encryption or signing. Disconnecting. [2020/08/02 16:17:36.842405, 3] ../../source3/smbd/smb2_server.c:3254(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_tcon.c:142
I have also tried explicitly defining an IPC$ share (even though it shouldn’t be necessary) at path /tmp with encryption and signing disabled and guest access enabled, no difference.
Alternatively, is there some Windows-fu I can use to make it sign and/or encrypt requests for IPC$?