[samba-jp:22872] After adding Win10 support on our Samba server, Win7 and Win10 client terminals are sometimes unable to access it
NEO 宇佐美 喜夫
yoshio.usami.mw @ west.ntt.co.jp
Mon Aug 6 14:13:05 JST 2018
Thank you for your continued support.
This is Usami.
After adding Win10 support on our Samba server, Win7 and Win10 client terminals are sometimes unable to access it.
Analyzing the packet capture and the smbd log, we found that when the client terminal sends an "SMB2 Negotiate Protocol Request", the Samba server treats it as "Invalid SMB request" and does not return a "Negotiate Protocol Response".
When the client terminal is able to access the server, the Samba server receives an "SMB Negotiate Protocol Request" and returns "Dialect: 0x0202" (SMB2.0.2) in an "SMB2 Negotiate Protocol Response".
(Q1) In what cases do Win7 and Win10 client terminals send an "SMB2 Negotiate Protocol Request"?
(Q2) Does samba3.6.23-12 support the "SMB2 Negotiate Protocol Request"?
(Q3) If it does, what should we do so that the Samba server can return an "SMB2 Negotiate Protocol Response" when it receives an "SMB2 Negotiate Protocol Request"?
(Q4) If it does not, which versions do support it?
Could you please advise us on the above 2 points?
Thank you in advance.
◆Linux and Samba versions
# cat /etc/redhat-release
CentOS release 6.4 (Final)
# uname -r
2.6.32-358.el6.x86_64
# smbd -V
Version 3.6.23-12.el6
◆smb.conf settings
#Win10 support
#max protocol = NT1
max protocol = SMB2
min protocol = CORE
◆Packet capture and smbd log (when access fails)
"3550","17:03:38.339710","100.91.151.254","10.79.166.154","SMB2","162","Negotiate Protocol Request"
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
Server Component: SMB2
Header Length: 64
Credit Charge: 1
Channel Sequence: 0
Reserved: 0000
Command: Negotiate Protocol (0)
Credits requested: 31
Flags: 0x00000000
.... .... .... .... .... .... .... ...0 = Response: This is a REQUEST
.... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
.... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
.... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
.... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY1
...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
Chain Offset: 0x00000000
Message ID: Unknown (0)
Process Id: 0x0000feff
Tree Id: 0x00000000
Session Id: 0x0000000000000000
Signature: 00000000000000000000000000000000
Negotiate Protocol Request (0x00)
StructureSize: 0x0024
0000 0000 0010 010. = Fixed Part Length: 18
.... .... .... ...0 = Dynamic Part: False
Dialect count: 2
Security mode: 0x01, Signing enabled
.... ...1 = Signing enabled: True
.... ..0. = Signing required: False
Reserved: 0000
Capabilities: 0x00000000
.... .... .... .... .... .... .... ...0 = DFS: This host does NOT support DFS
.... .... .... .... .... .... .... ..0. = LEASING: This host does NOT support LEASING
.... .... .... .... .... .... .... .0.. = LARGE MTU: This host does NOT support LARGE_MTU
.... .... .... .... .... .... .... 0... = MULTI CHANNEL: This host does NOT support MULTI CHANNEL
.... .... .... .... .... .... ...0 .... = PERSISTENT HANDLES: This host does NOT support PERSISTENT HANDLES
.... .... .... .... .... .... ..0. .... = DIRECTORY LEASING: This host does NOT support DIRECTORY LEASING
.... .... .... .... .... .... .0.. .... = ENCRYPTION: This host does NOT support ENCRYPTION
Client Guid: 04952c46-956e-11e8-89f7-005056964ff3
NegotiateContextOffset: 0x0000
NegotiateContextCount: 0
Reserved: 0000
Dialect: 0x0202
Dialect: 0x0210
"3551","17:03:38.339731","10.79.166.154","100.91.151.254","TCP","54","445 → 55229 [ACK] Seq=1 Ack=109 Win=14720 Len=0"
"3552","17:03:38.386807","10.79.166.154","100.91.151.254","TCP","54","445 → 55229 [FIN, ACK] Seq=1 Ack=109 Win=14720 Len=0"
Transmission Control Protocol, Src Port: 445, Dst Port: 55229, Seq: 1, Ack: 109, Len: 0
Source Port: 445
Destination Port: 55229
[Stream index: 1]
[TCP Segment Len: 0]
Sequence number: 1 (relative sequence number)
[Next sequence number: 1 (relative sequence number)]
Acknowledgment number: 109 (relative ack number)
0101 .... = Header Length: 20 bytes (5)
Flags: 0x011 (FIN, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...1 = Fin: Set
[Expert Info (Chat/Sequence): Connection finish (FIN)]
[Connection finish (FIN)]
[Severity level: Chat]
[Group: Sequence]
[TCP Flags: ・・・・・・・A・・・F]
Window size value: 115
[Calculated window size: 14720]
[Window size scaling factor: 128]
Checksum: 0x4e33 [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
[Timestamps]
[Time since first frame in this TCP stream: 0.064782000 seconds]
[Time since previous frame in this TCP stream: 0.047076000 seconds]
"3553","17:03:38.400109","100.91.151.254","10.79.166.154","TCP","60","55229 → 445 [ACK] Seq=109 Ack=2 Win=131328 Len=0"
"3555","17:03:38.401960","100.91.151.254","10.79.166.154","TCP","66","55230 → 445 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1"
smbd[14188]: [2018/08/03 10:35:00.630334, 3] smbd/oplock.c:922(init_oplocks)
smbd[14188]: init_oplocks: initializing messages.
smbd[14188]: [2018/08/03 10:35:00.630595, 3] smbd/oplock_linux.c:246(linux_init_kernel_oplocks)
smbd[14188]: Linux kernel oplocks enabled
smbd[14188]: [2018/08/03 10:35:00.630962, 3] smbd/process.c:1609(process_smb)
smbd[14188]: Transaction 0 of length 178 (0 toread)
smbd[14188]: [2018/08/03 10:35:00.634182, 0] smbd/process.c:525(init_smb_request)
smbd[14188]: init_smb_request: invalid wct number 255 (size 178)
smbd[14188]: [2018/08/03 10:35:00.634544, 3] smbd/server_exit.c:181(exit_server_common)
smbd[14188]: Server exit (Invalid SMB request)
◆Packet capture and smbd log (when access succeeds)
"4","13:14:56.254717","100.91.151.254","10.79.166.154","SMB","213","Negotiate Protocol Request"
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
SMB Command: Negotiate Protocol (0x72)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x18, Canonicalized Pathnames, Case Sensitivity
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc853, Unicode Strings, Error Code Type, Extended Security Negotiation, Long Names Used, Security Signatures Required, Extended Attributes, Long Names Allowed
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
.... .0.. .... .... = Reparse Path: The request does not use a @GMT reparse path
.... .... .1.. .... = Long Names Used: Path names in request are long file names
.... .... ...1 .... = Security Signatures Required: Security signatures are required
.... .... .... 0... = Compressed: Compression is not requested
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..1. = Extended Attributes: Extended attributes are supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 65535
Process ID: 65279
User ID: 0
Multiplex ID: 0
Negotiate Protocol Request (0x72)
Word Count (WCT): 0
Byte Count (BCC): 34
Requested Dialects
Dialect: NT LM 0.12
Dialect: SMB 2.002
Dialect: SMB 2.???
Negotiate Protocol Request (0x72)
Word Count (WCT): 0
Byte Count (BCC): 34
Requested Dialects
Dialect: NT LM 0.12
Dialect: SMB 2.002
Dialect: SMB 2.???
"6","13:14:56.271311","10.79.166.154","100.91.151.254","SMB2","282","Negotiate Protocol Response"
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
Server Component: SMB2
Header Length: 64
Credit Charge: 0
NT Status: STATUS_SUCCESS (0x00000000)
Command: Negotiate Protocol (0)
Credits granted: 1
Flags: 0x00000001, Response
.... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
.... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
.... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
.... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
.... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY1
...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
Chain Offset: 0x00000000
Message ID: Unknown (0)
Process Id: 0x00000000
Tree Id: 0x00000000
Session Id: 0x0000000000000000
Signature: 00000000000000000000000000000000
Negotiate Protocol Response (0x00)
StructureSize: 0x0041
0000 0000 0100 000. = Fixed Part Length: 32
.... .... .... ...1 = Dynamic Part: True
Security mode: 0x01, Signing enabled
.... ...1 = Signing enabled: True
.... ..0. = Signing required: False
Dialect: 0x0202
NegotiateContextCount: 0
Server Guid: 2d6f656e-7673-3032-3031-323530000000
Capabilities: 0x00000000
.... .... .... .... .... .... .... ...0 = DFS: This host does NOT support DFS
.... .... .... .... .... .... .... ..0. = LEASING: This host does NOT support LEASING
.... .... .... .... .... .... .... .0.. = LARGE MTU: This host does NOT support LARGE_MTU
.... .... .... .... .... .... .... 0... = MULTI CHANNEL: This host does NOT support MULTI CHANNEL
.... .... .... .... .... .... ...0 .... = PERSISTENT HANDLES: This host does NOT support PERSISTENT HANDLES
.... .... .... .... .... .... ..0. .... = DIRECTORY LEASING: This host does NOT support DIRECTORY LEASING
.... .... .... .... .... .... .0.. .... = ENCRYPTION: This host does NOT support ENCRYPTION
Max Transaction Size: 65536
Max Read Size: 65536
Max Write Size: 65536
Current Time: No time specified (0)
Boot Time: No time specified (0)
Blob Offset: 0x00000080
Blob Length: 96
Security Blob: 605e06062b0601050502a0543052a024302206092a864886...
GSS-API Generic Security Service Application Program Interface
OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
Simple Protected Negotiation
negTokenInit
mechTypes: 3 items
MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
MechType: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5)
MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
negHints
hintName: not_defined_in_RFC4178 @ please_ignore
NegotiateContextOffset: 0x0000
smbd[14151]: [2018/08/03 10:12:00.699116, 3] smbd/oplock.c:922(init_oplocks)
smbd[14151]: init_oplocks: initializing messages.
smbd[14151]: [2018/08/03 10:12:00.699493, 3] smbd/oplock_linux.c:246(linux_init_kernel_oplocks)
smbd[14151]: Linux kernel oplocks enabled
smbd[14151]: [2018/08/03 10:12:00.700284, 3] smbd/process.c:1609(process_smb)
smbd[14151]: Transaction 0 of length 73 (0 toread)
smbd[14151]: [2018/08/03 10:12:00.701233, 3] smbd/process.c:1414(switch_message)
smbd[14151]: switch message SMBnegprot (pid 14151) conn 0x0
smbd[14151]: [2018/08/03 10:12:00.703014, 3] smbd/negprot.c:598(reply_negprot)
smbd[14151]: Requested protocol [NT LM 0.12]
smbd[14151]: [2018/08/03 10:12:00.703346, 3] smbd/negprot.c:598(reply_negprot)
smbd[14151]: Requested protocol [SMB 2.002]
smbd[14151]: [2018/08/03 10:12:00.703650, 3] smbd/negprot.c:598(reply_negprot)
smbd[14151]: Requested protocol [SMB 2.???]
smbd[14151]: [2018/08/03 10:12:00.704766, 3] smbd/negprot.c:704(reply_negprot)
smbd[14151]: Selected protocol SMB 2.002
That is all.
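
Added example (not part of the original post and not Samba code): a Python parser that tells apart the two request forms shown in the captures above, the SMB1 Negotiate carrying dialect strings and the SMB2 Negotiate carrying 16-bit dialect codes, by the first byte of the header. The builder functions and sample messages are constructed from the field values in the captures; the function names are hypothetical.

```python
import struct

SMB1_MAGIC = b"\xffSMB"  # SMB1 header: 0xFF 'S' 'M' 'B'
SMB2_MAGIC = b"\xfeSMB"  # SMB2 header: 0xFE 'S' 'M' 'B'

def parse_negotiate(msg: bytes):
    """Return (protocol, dialects) for a Negotiate request.
    msg is the SMB message without the 4-byte TCP transport length prefix."""
    if msg[:4] == SMB1_MAGIC:
        if len(msg) < 35 or msg[4] != 0x72:
            raise ValueError("not an SMB1 Negotiate request")
        bcc_off = 33 + 2 * msg[32]          # skip WCT byte and parameter words
        if len(msg) < bcc_off + 2:
            raise ValueError("truncated SMB1 request")
        (bcc,) = struct.unpack_from("<H", msg, bcc_off)
        data = msg[bcc_off + 2:bcc_off + 2 + bcc]
        if len(data) != bcc:
            raise ValueError("truncated SMB1 dialect list")
        # Each dialect is a 0x02 format byte plus a NUL-terminated ASCII name.
        return "SMB1", [d[1:].decode("ascii") for d in data.split(b"\x00")
                        if d[:1] == b"\x02"]
    if msg[:4] == SMB2_MAGIC:
        if len(msg) < 100 or struct.unpack_from("<H", msg, 12)[0] != 0:
            raise ValueError("not an SMB2 Negotiate request")
        (count,) = struct.unpack_from("<H", msg, 66)   # DialectCount
        if len(msg) < 100 + 2 * count:
            raise ValueError("truncated SMB2 dialect list")
        # 64-byte header + 36-byte fixed part, then 16-bit dialect codes.
        return "SMB2", list(struct.unpack_from("<%dH" % count, msg, 100))
    raise ValueError("not an SMB message")

def build_smb1_negotiate(names):
    """Constructed sample: flags, TID and PID as in the successful capture."""
    data = b"".join(b"\x02" + n.encode("ascii") + b"\x00" for n in names)
    header = (SMB1_MAGIC + b"\x72" + bytes(4) + b"\x18"
              + struct.pack("<H", 0xC853) + bytes(12)
              + struct.pack("<HHHH", 0xFFFF, 0xFEFF, 0, 0))
    return header + b"\x00" + struct.pack("<H", len(data)) + data

def build_smb2_negotiate(codes):
    """Constructed sample: header values as in the failing capture, zero GUID."""
    header = SMB2_MAGIC + struct.pack("<HHIHHIIQIIQ", 64, 1, 0, 0, 31,
                                      0, 0, 0, 0xFEFF, 0, 0) + bytes(16)
    body = struct.pack("<HHHHI", 36, len(codes), 1, 0, 0) + bytes(16) + bytes(8)
    return header + body + struct.pack("<%dH" % len(codes), *codes)

if __name__ == "__main__":
    for m in (build_smb1_negotiate(["NT LM 0.12", "SMB 2.002", "SMB 2.???"]),
              build_smb2_negotiate([0x0202, 0x0210])):
        print(len(m), parse_negotiate(m))
```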