Re: ReadyShare SMB1 Error

Robc101,

This is related to an issue which arose last year known as the "Samba" issue.   This was a fairly significant security vulnerability which most vendors reacted to by updating the Samba protocol that their devices used.   When this was done, as it was in the NETGEAR router you have, it made those devices no longer compatible with devices which continued to run on the Samba 1 (or pre-Samba vulnerability) code.  

What you need to do, is find the update procedure which your USB device has for updating to address the Samba vulnerability which will move it to SMB2 support.   It should then work with the router.

John

Thank you John. I contacted PNY about their USB Device and they said this issue has nothing to do with them and to contact Netgear

Microsoft says 

In Windows 10 Fall Creators Update and Windows Server, version 1709 (RS3), the Server Message Block version 1 (SMBv1) network protocol is no longer installed by default. It was superseded by SMBv2 and later protocols starting in 2007. Microsoft publicly deprecated the SMBv1 protocol in 2014.

To work around this issue, contact the manufacturer of the product that supports only SMBv1, and request a software or firmware update that support SMBv2.02 or a later version.

Microsoft OS update has disabled SMB1 support by default since Q4 2017, while ReadySHARE requires SMB1 protocol to be enabled to access.

You would need to manually turn on SMB1 by going to "Turn Windows features on or off" and check "SMB 1.0/CIFS Client" under "SMB 1.0/CIFS file sharing support"

Yes, I am aware, however, this opens my network to Samba Vunerabilities and Wanna Cry. It looks like I need Netgear to enable SMB2 in their readySHARE capability.

It's a multil-layer thingie in fact.

Enabling just SMB 1.0 Client (and more essentially the NetBIOS discovery protocol still required to discover most NAS and all ReadyShare Routers on the LAN!) on the Windows side does not create any risk.

Some Netgear routers (I don't have the bigger picture) like the Nighthawk X10 (R9000) with the current v1.0.3.6 come with an updated SAMBA, and a UI control on the SMB protocols (plus some more) served:



Looking inside of a current X10 does show:

root@R9000:/# /usr/sbin/smbd -V
Version 4.6.4

If one would be very nut picking, SAMBA starting from 4.6.4 (resp. 4.5.10 or 4.4.14 if one is on older branches) has fixed the IPC vulnerability used by Wanna Cry - so that risk is mitigated even if one would continue using SMB 1.0. However, this does not help the owners of the older WiFi router models not having seen updates yet.

A "theoretical" temporary fix would be adding a config line into the SAMBA config, [global] section:

nt pipe support = no

This does however remove the ability to "browse" the ReadySHARE \\readyshare\ server - and you have to use the correct shared folders names like \\readyshare\USB_storage or \\192.168.1.1\USB_storage - that would not be a big loss, but then it's not customer friendly having to enable telnet or ssh access to the routers, and patch things on the fly - and then the change is even volatile.

Said that - there is no other way to push Netgear towards updating as many WiFi routers, Nighthawk, (and Orbi?), ... firmware with a newer SAMBA version, making them add the similar UI control, ... or officially abandon the support of ReadySHARE SMB access on some older products.

Last but not least, @johngm is the GM of Netgear's Business Solutions unit, all the Netgear consumer WiFi Routers and Nighthawk are coming from a different business unit. But I'm convinced he can talk Tacheles to his boss and his other BU friends. Please John...

Regards,
-Kurt