Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

SMB Errors

Featured Replies

I have a windows 7 vm that has issues connecting SMB to my unraid server.  It connects, but seems like it may be hitting some connection limit.  New connections are sometimes refused and existing ones seem to error out sometimes. 

I see this log message repeated many times.
 


Oct  9 19:18:23 Tower smbd[4717]:   reply_sesssetup_and_X:  Rejecting attempt at 'normal' session setup after negotiating spnego.
Oct  9 19:33:23 Tower smbd[19709]: [2024/10/09 19:33:23.204731,  0] ../../source3/smbd/smb1_sesssetup.c:858(reply_sesssetup_and_X)
Oct  9 19:33:23 Tower smbd[19709]:   reply_sesssetup_and_X:  Rejecting attempt at 'normal' session setup after negotiating spnego.
Oct  9 19:48:23 Tower smbd[34248]: [2024/10/09 19:48:23.313325,  0] ../../source3/smbd/smb1_sesssetup.c:858(reply_sesssetup_and_X)
Oct  9 19:48:23 Tower smbd[34248]:   reply_sesssetup_and_X:  Rejecting attempt at 'normal' session setup after negotiating spnego.
Oct  9 20:03:23 Tower smbd[8217]: [2024/10/09 20:03:23.438930,  0] ../../source3/smbd/smb1_sesssetup.c:858(reply_sesssetup_and_X)
Oct  9 20:03:23 Tower smbd[8217]:   reply_sesssetup_and_X:  Rejecting attempt at 'normal' session setup after negotiating spnego.

There are also some instances of smb_panic and segmentation fault on smbd. 

I did recently upgrade to 6.12.13 about 8 days ago.  I'm not sure if it was happening before the upgrade or not.  If it was, I don't think it was quite as bad.

tower-diagnostics-20241015-1158.zip

  • Community Expert

in terminal what is the output of testparm

What edits have you done if any to your smb conf?

example:
 

root@BMM-Unraid:~# testparm
Load smb config files from /etc/samba/smb.conf
lpcfg_do_global_parameter: WARNING: The "null passwords" option is deprecated
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)

Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
        bind interfaces only = Yes
        disable spoolss = Yes
        interfaces = 192.168.2.254/24 127.0.0.1 100.117.155.111/24
        load printers = No
        logging = syslog@0
        map to guest = Bad User
        max open files = 40960
        multicast dns register = No
        nmbd bind explicit broadcast = No
        ntlm auth = ntlmv1-permitted
        null passwords = Yes
        os level = 100
        passdb backend = smbpasswd
        printcap name = /dev/null
        security = USER
        server min protocol = NT1
        server string = VM - Docker Server
        show add printer wizard = No
        smb1 unix extensions = No
        fruit:nfs_aces = No
        idmap config * : range = 3000-7999
        idmap config * : backend = tdb
        acl allow execute always = Yes
        aio read size = 0
        aio write size = 0
        create mask = 0777
        directory mask = 0777
        hide dot files = No
        include = /etc/samba/smb-shares.conf
        invalid users = root
        use sendfile = Yes
        wide links = Yes


[share name example]
        browseable = No
        comment = ZFS Backup Core Services
        guest ok = Yes
        path = /mnt.user.%name%
        read only = No
        vfs objects = catia fruit streams_xattr
        fruit:encoding = native

 

  • Author

testpram output:

testparm
Load smb config files from /etc/samba/smb.conf
lpcfg_do_global_parameter: WARNING: The "null passwords" option is deprecated
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)

Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
        bind interfaces only = Yes
        disable spoolss = Yes
        host msdfs = No
        interfaces = 192.168.200.15 10.253.0.1 127.0.0.1
        load printers = No
        logging = syslog@0
        map to guest = Bad User
        max open files = 40960
        multicast dns register = No
        ntlm auth = ntlmv1-permitted
        null passwords = Yes
        os level = 100
        passdb backend = smbpasswd
        printcap name = /dev/null
        security = USER
        server min protocol = NT1
        server multi channel support = No
        server string = Media server
        show add printer wizard = No
        smb1 unix extensions = No
        fruit:nfs_aces = No
        idmap config * : range = 3000-7999
        idmap config * : backend = tdb
        acl allow execute always = Yes
        aio read size = 0
        aio write size = 0
        create mask = 0777
        directory mask = 0777
        hide dot files = No
        include = /etc/samba/smb-shares.conf
        invalid users = root
        use sendfile = Yes
        wide links = Yes


[Cache2]
        comment = Cache2
        include = /etc/samba/unassigned-shares/Cache2.conf
        path = /mnt/disks/Cache2
        valid users = XXXX
        vfs objects = dirsort
        write list = XXXX


[CommunityApplicationsAppdataBackup]
        guest ok = Yes
        path = /mnt/user/CommunityApplicationsAppdataBackup
        read only = No


[Downloads]
        guest ok = Yes
        path = /mnt/user/Downloads
        read only = No


[VirtualMachines]
        guest ok = Yes
        path = /mnt/user/VirtualMachines
        read only = No


[appdata]
        comment = application data
        guest ok = Yes
        path = /mnt/user/appdata
        read only = No


[drivepool]
        guest ok = Yes
        path = /mnt/user/drivepool
        write list = XXXX


[pure-ftpd]
        guest ok = Yes
        path = /mnt/user/pure-ftpd
        read only = No

 

smb.conf:
 

 smb.conf
[global]
        # configurable identification
        include = /etc/samba/smb-names.conf

        # log stuff only to syslog
        logging = syslog@0

        # we don't do printers
        show add printer wizard = No
        disable spoolss = Yes
        load printers = No
        printing = bsd
        printcap name = /dev/null

        # disable aio by default
        aio read size = 0
        aio write size = 0

        # misc.
        invalid users = root
        unix extensions = No
        wide links = Yes
        use sendfile = Yes
        host msdfs = No

        # ease upgrades from Samba 3.6
        acl allow execute always = Yes
        # permit NTLMv1 authentication
        ntlm auth = Yes

        # default global fruit settings:
        #fruit:aapl = Yes
        #fruit:nfs_aces = Yes
        fruit:nfs_aces = No
        #fruit:copyfile = No
        #fruit:model = MacSamba

        # hook for user-defined samba config
        include = /boot/config/smb-extra.conf

[global]
        # hook for unassigned devices shares
        include = /etc/samba/smb-unassigned.conf

        # auto-configured shares
        include = /etc/samba/smb-shares.conf

 

 

I don't believe I've made any changes to smb.conf, or at least none recently.  The issues I was having did motivate me to finally build a linux VM to do the services I had running on windows 7.  I'm still open to suggestion if there is something that is configured wrong on the server.

  • Community Expert

ok. Most likely you are using a apple osx that is trying to negotiate a smb 2 or hight protocal to connect to samba shares...

I made a post on editing unraids smb conf to incoperate samba edits.
 
Because you are getting samba error regarding the session:
]: [2024/10/09 19:48:23.313325, 0] ../../source3/smbd/smb1_sesssetup.c:858(reply_sesssetup_and_X)

we may need to add aadition global option to smb extra parm or make other additional edits... as you want a netwrok min level of smb2 and not the windows 95 compatiable of ntm1

https://192.168.2.254/Settings/SMB
image.thumb.png.5521d9464bf13380440e1d07b77edbff.png
 

The error you're seeing, specifically "Rejecting attempt at 'normal' session setup after negotiating SPNEGO," indicates that the Samba server is rejecting attempts to set up a session using the older SMB1 protocol after negotiating the use of SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism). This usually occurs because modern versions of Samba default to disabling SMB1 due to its security vulnerabilities.

To mitigate this, there are a couple of approaches depending on your specific needs:

 

Enable SMB2/SMB3 (recommended): Ensure that your clients are using SMB2 or SMB3 instead of SMB1, which is more secure and modern. SMB1 is known for having security issues (such as the infamous WannaCry attack exploiting it). You can enforce this by adjusting the Samba global settings.

In your smb.conf file (usually located in /etc/samba/smb.conf), ensure that these parameters are set under the [global] section:
 

[global]

min protocol = SMB2

max protocol = SMB3

 

This ensures that the server only accepts SMB2 and SMB3 connections, which will avoid triggering these errors. Clients must also support these protocols, but most modern systems do. If you absolutely need to enable SMB1 (not recommended for security reasons): If for some reason you have older clients that only support SMB1 and you need to enable it, you can allow SMB1 by adjusting the smb.conf file:

 

as seen in other post on how i had to make other edits at one time...
adn unraid is still using the older nt1/smb1 portcal...
 


 

Edited by bmartino1

  • Community Expert

also this is not an working smb settings:

[Cache2] comment = Cache2 include = /etc/samba/unassigned-shares/Cache2.conf path = /mnt/disks/Cache2 valid users = XXXX vfs objects = dirsort write list = XXXX

what you have done here is make a samba share name without a mount point... If you want a incled file

look at teh bottom of your smb confi.

in samba extra
review bottom of you smb.conf...
[global] # hook for unassigned devices shares include = /etc/samba/smb-unassigned.conf # auto-configured shares include = /etc/samba/smb-shares.conf

 

[global] 
# hook for cache disk ?Unasgned drive didn't make this did it?
include = /etc/samba/unassigned-shares/Cache2.conf

the include file shouldn't be a part of the share itself and should be called under the global option before the [sharename]

Edited by bmartino1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.