October 15, 20241 yr I have a windows 7 vm that has issues connecting SMB to my unraid server. It connects, but seems like it may be hitting some connection limit. New connections are sometimes refused and existing ones seem to error out sometimes. I see this log message repeated many times. Oct 9 19:18:23 Tower smbd[4717]: reply_sesssetup_and_X: Rejecting attempt at 'normal' session setup after negotiating spnego. Oct 9 19:33:23 Tower smbd[19709]: [2024/10/09 19:33:23.204731, 0] ../../source3/smbd/smb1_sesssetup.c:858(reply_sesssetup_and_X) Oct 9 19:33:23 Tower smbd[19709]: reply_sesssetup_and_X: Rejecting attempt at 'normal' session setup after negotiating spnego. Oct 9 19:48:23 Tower smbd[34248]: [2024/10/09 19:48:23.313325, 0] ../../source3/smbd/smb1_sesssetup.c:858(reply_sesssetup_and_X) Oct 9 19:48:23 Tower smbd[34248]: reply_sesssetup_and_X: Rejecting attempt at 'normal' session setup after negotiating spnego. Oct 9 20:03:23 Tower smbd[8217]: [2024/10/09 20:03:23.438930, 0] ../../source3/smbd/smb1_sesssetup.c:858(reply_sesssetup_and_X) Oct 9 20:03:23 Tower smbd[8217]: reply_sesssetup_and_X: Rejecting attempt at 'normal' session setup after negotiating spnego. There are also some instances of smb_panic and segmentation fault on smbd. I did recently upgrade to 6.12.13 about 8 days ago. I'm not sure if it was happening before the upgrade or not. If it was, I don't think it was quite as bad. tower-diagnostics-20241015-1158.zip
October 16, 20241 yr Community Expert in terminal what is the output of testparm What edits have you done if any to your smb conf? example: root@BMM-Unraid:~# testparm Load smb config files from /etc/samba/smb.conf lpcfg_do_global_parameter: WARNING: The "null passwords" option is deprecated Loaded services file OK. Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback) Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions # Global parameters [global] bind interfaces only = Yes disable spoolss = Yes interfaces = 192.168.2.254/24 127.0.0.1 100.117.155.111/24 load printers = No logging = syslog@0 map to guest = Bad User max open files = 40960 multicast dns register = No nmbd bind explicit broadcast = No ntlm auth = ntlmv1-permitted null passwords = Yes os level = 100 passdb backend = smbpasswd printcap name = /dev/null security = USER server min protocol = NT1 server string = VM - Docker Server show add printer wizard = No smb1 unix extensions = No fruit:nfs_aces = No idmap config * : range = 3000-7999 idmap config * : backend = tdb acl allow execute always = Yes aio read size = 0 aio write size = 0 create mask = 0777 directory mask = 0777 hide dot files = No include = /etc/samba/smb-shares.conf invalid users = root use sendfile = Yes wide links = Yes [share name example] browseable = No comment = ZFS Backup Core Services guest ok = Yes path = /mnt.user.%name% read only = No vfs objects = catia fruit streams_xattr fruit:encoding = native
October 17, 20241 yr Author testpram output: testparm Load smb config files from /etc/samba/smb.conf lpcfg_do_global_parameter: WARNING: The "null passwords" option is deprecated Loaded services file OK. Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback) Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions # Global parameters [global] bind interfaces only = Yes disable spoolss = Yes host msdfs = No interfaces = 192.168.200.15 10.253.0.1 127.0.0.1 load printers = No logging = syslog@0 map to guest = Bad User max open files = 40960 multicast dns register = No ntlm auth = ntlmv1-permitted null passwords = Yes os level = 100 passdb backend = smbpasswd printcap name = /dev/null security = USER server min protocol = NT1 server multi channel support = No server string = Media server show add printer wizard = No smb1 unix extensions = No fruit:nfs_aces = No idmap config * : range = 3000-7999 idmap config * : backend = tdb acl allow execute always = Yes aio read size = 0 aio write size = 0 create mask = 0777 directory mask = 0777 hide dot files = No include = /etc/samba/smb-shares.conf invalid users = root use sendfile = Yes wide links = Yes [Cache2] comment = Cache2 include = /etc/samba/unassigned-shares/Cache2.conf path = /mnt/disks/Cache2 valid users = XXXX vfs objects = dirsort write list = XXXX [CommunityApplicationsAppdataBackup] guest ok = Yes path = /mnt/user/CommunityApplicationsAppdataBackup read only = No [Downloads] guest ok = Yes path = /mnt/user/Downloads read only = No [VirtualMachines] guest ok = Yes path = /mnt/user/VirtualMachines read only = No [appdata] comment = application data guest ok = Yes path = /mnt/user/appdata read only = No [drivepool] guest ok = Yes path = /mnt/user/drivepool write list = XXXX [pure-ftpd] guest ok = Yes path = /mnt/user/pure-ftpd read only = No smb.conf: smb.conf [global] # configurable identification include = /etc/samba/smb-names.conf # log stuff only to syslog logging = syslog@0 # we don't do printers show add printer wizard = No disable spoolss = Yes load printers = No printing = bsd printcap name = /dev/null # disable aio by default aio read size = 0 aio write size = 0 # misc. invalid users = root unix extensions = No wide links = Yes use sendfile = Yes host msdfs = No # ease upgrades from Samba 3.6 acl allow execute always = Yes # permit NTLMv1 authentication ntlm auth = Yes # default global fruit settings: #fruit:aapl = Yes #fruit:nfs_aces = Yes fruit:nfs_aces = No #fruit:copyfile = No #fruit:model = MacSamba # hook for user-defined samba config include = /boot/config/smb-extra.conf [global] # hook for unassigned devices shares include = /etc/samba/smb-unassigned.conf # auto-configured shares include = /etc/samba/smb-shares.conf I don't believe I've made any changes to smb.conf, or at least none recently. The issues I was having did motivate me to finally build a linux VM to do the services I had running on windows 7. I'm still open to suggestion if there is something that is configured wrong on the server.
October 17, 20241 yr Community Expert ok. Most likely you are using a apple osx that is trying to negotiate a smb 2 or hight protocal to connect to samba shares...I made a post on editing unraids smb conf to incoperate samba edits. Because you are getting samba error regarding the session:]: [2024/10/09 19:48:23.313325, 0] ../../source3/smbd/smb1_sesssetup.c:858(reply_sesssetup_and_X)we may need to add aadition global option to smb extra parm or make other additional edits... as you want a netwrok min level of smb2 and not the windows 95 compatiable of ntm1https://192.168.2.254/Settings/SMB The error you're seeing, specifically "Rejecting attempt at 'normal' session setup after negotiating SPNEGO," indicates that the Samba server is rejecting attempts to set up a session using the older SMB1 protocol after negotiating the use of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism). This usually occurs because modern versions of Samba default to disabling SMB1 due to its security vulnerabilities.To mitigate this, there are a couple of approaches depending on your specific needs: Enable SMB2/SMB3 (recommended): Ensure that your clients are using SMB2 or SMB3 instead of SMB1, which is more secure and modern. SMB1 is known for having security issues (such as the infamous WannaCry attack exploiting it). You can enforce this by adjusting the Samba global settings.In your smb.conf file (usually located in /etc/samba/smb.conf), ensure that these parameters are set under the [global] section: [global] min protocol = SMB2 max protocol = SMB3 This ensures that the server only accepts SMB2 and SMB3 connections, which will avoid triggering these errors. Clients must also support these protocols, but most modern systems do. If you absolutely need to enable SMB1 (not recommended for security reasons): If for some reason you have older clients that only support SMB1 and you need to enable it, you can allow SMB1 by adjusting the smb.conf file: as seen in other post on how i had to make other edits at one time...adn unraid is still using the older nt1/smb1 portcal... Edited November 29, 2025Nov 29 by bmartino1
October 17, 20241 yr Community Expert also this is not an working smb settings: [Cache2] comment = Cache2 include = /etc/samba/unassigned-shares/Cache2.conf path = /mnt/disks/Cache2 valid users = XXXX vfs objects = dirsort write list = XXXX what you have done here is make a samba share name without a mount point... If you want a incled file look at teh bottom of your smb confi. in samba extra review bottom of you smb.conf... [global] # hook for unassigned devices shares include = /etc/samba/smb-unassigned.conf # auto-configured shares include = /etc/samba/smb-shares.conf [global] # hook for cache disk ?Unasgned drive didn't make this did it? include = /etc/samba/unassigned-shares/Cache2.conf the include file shouldn't be a part of the share itself and should be called under the global option before the [sharename] Edited October 17, 20241 yr by bmartino1
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.