I have started the development of a SMB server for an old Z80 based machine. This machine runs a very simple, MS-DOS like operating system (no multitask, no concept of users, FAT filesystem only, no unicode, 8.3 filenames only) and has limited memory, therefore my first idea is to implement just the SMB core protocol. I will use TCP transport.
As for now, I have just a very short testing code that just replies to the SMB_COM_NEGOTIATE command, indicating that the core protocol ("PC NETWORK PROGRAM 1.0") is the desired dialect. In order to test it, I try to connect from a Windows 7 machine, by opening a explorer window and typing "\\<server IP>"
in the address bar. I have verified with Wireshark that the server receives the negotiate command and sends an (apparently) correct response.
The problem: as soon as the Windows client receives the response, it shows a generic "Can't access resource" error message (with error code 0x80004005) and then nothing happens (no further SMB messages are sent). I was expecting to receive SMB_COM_TREE_CONNECT or a similar command.
I was thinking that maybe Windows 7 does not support the core protocol (it is very old and it lacks any security feature whatsoever), but then, why does it list the core dialect name in the negotiate request? Maybe I am missing some step? Must the server send any additional packet after the negotiate response?
The client OS is Windows 7 Ultimate 64 bits, and here are the Wireshark dumps of both the request and the response in case anyone can spot anything wrong in the process:
The request:
The response:
UPDATE: If I select the NT LM 0.12 dialect instead of the core dialect, I receive a SESSION_SETUP_AND_REQUESTX command from the client. So apparently it seems that indeed, the core protocol is not supported by Windows 7. Anyway, any extra information will be appreciated.
I believe Windows 7 does support the Core Protocol. It downgrades to SMB 1.0 when connecting to older servers as per here.
Based on the issues that Windows 7 has with connecting to Samba servers, I believe the issue with the specifying the core protocol is due the LANMAN workstation / client settings on the Windows 7 machine.
Recommended changes would be
Network security: LAN Manager authentication level Send LM & NTLM responses
【HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa \【LmCompatibilityLevel 】
value of the registry key to 0 as per here
Adding the following parameters to LanmanWorkStation and NetLogon in the registry
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
HKLM\System\CCS\Services\Netlogon\Parameters
DWORD RequireSignOnSeal = 0
DWORD RequireStrongKey = 0
Possible changes to these settings both via registry and via security policy are listed here
These changes should ensure LanmanWorkstation doesn't use NTLMv2 session security.
This info is basically the same as @Appleman1234 provided (thanks!), just a bit easier to apply.
.bat
file and it will export to your C:
drive the 3 reg keys we are getting ready to modify.reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa HKEY_LOCAL_MACHINE.SYSTEM.CurrentControlSet.Control.Lsa.reg reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters HKEY_LOCAL_MACHINE.SYSTEM.CurrentControlSet.services.LanmanWorkstation.Parameters.reg reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters HKEY_LOCAL_MACHINE.SYSTEM.CurrentControlSet.services.Netlogon.Parameters.reg
.reg
file and import it to your registry.Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "lmcompatibilitylevel"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters] "EnablePlainTextPassword"=dword:00000001 "EnableSecuritySignature"=dword:00000000 "RequireSecuritySignature"=dword:00000000 "DomainCompatibilityMode"=dword:00000001 "DNSNameResolutionRequired"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters] "RequireSignOrSeal"=dword:00000000 "RequireStrongKey"=dword:00000000 "RequireSignOnSeal"=dword:00000000
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With