One of the routine tasks which I recently carried out on my LAN, was to retire an old computer named ‘Walnut’. A day later I discovered that I could no longer browse my LAN, by way of my SAMBA shares. BTW, all my computers are by now either Debian / Jessie or Debian / Stretch computers. So what gives with the sudden inability to browse my shares via the GUI, which is the ‘Dolphin file browser’?
(Solved as of 03/23/2018 … )
Well in my ‘/etc/samba/smb.conf’ file, I gave the option:
[global] (...) smb encrypt = desired
The purpose of this was, for the Samba Server to query the Client, whether the client supports encryption, and if affirmative, to enforce such encryption.
And, just to be sure that I haven’t made some silly mistake, I can run the following tests:
root@Phoenix:/etc/samba# cat smb.conf | grep "map to guest" map to guest = Bad User root@Phoenix:/etc/samba# cat smb.conf | grep "obey pam" obey pam restrictions = no root@Phoenix:/etc/samba#
But the disposition of the client to offer encryption, needed to be decided on the client machines, by creating a user-space file, i.e. a file in the home folder, which is named ‘~/.smb/smb.conf’, which contains the following lines:
[global] client max protocol = SMB3
This is actually required, in order for the Dolphin / GUI-client even to offer the level of security which I wanted, which is SMB3 security. Without my specifying this, Dolphin would indicate to the Server, that SMB3 is not available, and no encryption would take place. This line of code can also be put into ‘/etc/samba/smb.conf’ , but I chose to put it into my home-folder like that.