NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
No access to shares after disabling SMB1 as recommended by Microsoft
Hi everyone,
in view of the latest WannaCry/Crypt attack on 12 May 2017, Microsoft recommended to patch my Windows 10 OS and disable SMB 1.0/CIFS File Sharing Support.
Check this link:
http://www.thewindowsclub.com/disable-smb1-windows
So I disabed SMB1 and now I lost access to all my shares on my RND2000V2 NAS.
Since I had to access my NAS shares, I have re-enabled SMB1, but now I also have a security hole.
Does anyone know (including Netgear tech staff) how to access the network shares with SMB1 disabled?
Currently I cannot achieve this, and can only think that a firmware upgrade would do this to use either SMB2 or SMB3.
My current firmware is 5.3.12 (latest).
Thnak you.
Best regards
Alfred56
On RAIDiator 4.1 and RAIDiator 5.3, they use versions of Samba that do not support SMB2. You will need to use the Windows tricks to re-enable SMB1 support.
On RAIDiator 4.2, it can support SMB2 but you may experience a performance hit that you could find unacceptable.
We can see about creating an unofficial add-on for RAIDiator 4.2 boxes that you can use at your own risk to be use SMB2. These devices were not meant to run SMB2 though. All of the RAIDiator boxes are older than 5 years. It might be time for an upgrade.
If you are really concerned, you can unofficially upgrade most RAIDiator 4.2 boxes to OS 6 at the risk of factory defaulting your NAS and putting your data back onto the volumes. Alternatively, you can upgrade to a newer ReadyNAS and use the old ReadyNAS as a backup (always smart to have multiple backups, which eliminates single point of failure).
28 Replies
Replies have been turned off for this discussion
We're using samba 3.5.22 in RAIDiator-arm 5.3.12. This has experimental support for SMB2, but for using SMB2 you'd really want to be using a newer samba series.
We have no plans to update to a newer version of samba for RAIDiator-arm as far as I'm aware.
Our ReadyNAS OS6 devices currently use the samba 4.4 series.
Welcome to the Community!
I switched to NFS on my ReadyNAS Duo. Windows has an NFS client which you can enable in Control Panel -> Programs and features -> Turn Windows features on and off. Then enable NFS on your NAS and set your shares to use it.
If you're sharing a printer (as I am) you can switch from SMB to IPP and access it that way.
peterkin wrote:I switched to NFS on my ReadyNAS Duo. Windows has an NFS client which you can enable in Control Panel -> Programs and features -> Turn Windows features on and off. Then enable NFS on your NAS and set your shares to use it.
If you're sharing a printer (as I am) you can switch from SMB to IPP and access it that way.
Hi peterkin
how are you?
Thank you for the reply.
I tried NFS (Enable NFS on the share, install the NFS Client on Windows 10), but is super slow on this unit.
RAIDiator 4.x and 5.x SMB uses a version of Samba that depends on SMB/CIFS 1 client support to work. They won't be getting feature updates at this point. ReadyNAS OS 6.x supports up to SMB 3 and will happily keep working if you disable SMB 1 support on your client computers.
Windows 10 was never vulnerable to Wannacrypt. I think the security benefits to disabling it are speculative at best, especially if you actually need it to access your files.
- Windows 10 next release removing smbv1, so accessing my duo 1 from my laptop on 10 home is not possible, access via nfs on a 10 pro is very slow, have now to replace and obviously I'm not inclined to buy another netgear so have to buy disks and copy.. Shocking support
Hubris1 wrote:
Windows 10 next release removing smbv1, so accessing my duo 1 from my laptop on 10 home is not possible, access via nfs on a 10 pro is very slow, have now to replace and obviously I'm not inclined to buy another netgear so have to buy disks and copy.. Shocking supportNetgear hasn't said what they are doing longer term, though some people have speculated.
- Maybe they need to get the finger out then, windows update is in couple of months, an official statement even saying no longer supported would help my decision,
- That will translate as upgrade or tough then
Hubris1 wrote:
That will translate as upgrade or tough thenAgain, I have no inside scoop.
The 4.1.x and 5.x systems have SAMBA 3.5, which has experimental SMB2, the OS 4.2 systems have Samba 3.6, which has a more complete SMB2. Simply allowing those to be used is easy enough, but there could be other CVEs and bugs that would need to be backported.
Also, the info on Windows I have is
- All Home and Professional editions now have the SMB1 server component uninstalled by default. The SMB1 client remains installed. This means you can connect to devices from Windows 10 using SMB1, but nothing can connect to Windows 10 using SMB1.
- Windows 10, we may uninstall SMB1 client if we detect that you are not using it.
- All Enterprise and Education editions have SMB1 totally uninstalled by default.
- The removal of SMB1 means the removal of the legacy Computer Browser service. The Computer Browser depends exclusively on SMB1 and cannot function without it.
- If you are upgrading or need to install the protocol after a clean install, you will still be able to do so
Assuming this is all correct, it's not as stark as "you can't access the old NAS after the next Win10 release" SMB1 still be available, though of course it is a vulnerability.
FWIW, Microsoft is building their own list of products requiring SMB1 - it is here: https://blogs.technet.microsoft.com/filecab/2017/06/01/smb1-product-clearinghouse/ I'm sure there are a lot more.
In my own case, the 4.1 and 4.2 systems I have are purely backup NAS, and losing SMB access is not a big problem - arguably I should turn SMB off altogether on them anyway, and just leave rsync enabled.. I could easily upgrade the 4.2 system to OS 6.
I got SMB2 working on my old ReadyNAS Pro running the latest 4.2.31 x86 by installing the enablerootssh plugin and using WinSCP to edit the /etc/samba/samba.conf file and adding the following line to the global section:
max protocol = SMB2
On RAIDiator 4.1 and RAIDiator 5.3, they use versions of Samba that do not support SMB2. You will need to use the Windows tricks to re-enable SMB1 support.
On RAIDiator 4.2, it can support SMB2 but you may experience a performance hit that you could find unacceptable.
We can see about creating an unofficial add-on for RAIDiator 4.2 boxes that you can use at your own risk to be use SMB2. These devices were not meant to run SMB2 though. All of the RAIDiator boxes are older than 5 years. It might be time for an upgrade.
If you are really concerned, you can unofficially upgrade most RAIDiator 4.2 boxes to OS 6 at the risk of factory defaulting your NAS and putting your data back onto the volumes. Alternatively, you can upgrade to a newer ReadyNAS and use the old ReadyNAS as a backup (always smart to have multiple backups, which eliminates single point of failure).
kohdee wrote:
Alternatively, you can upgrade to a newer ReadyNAS and use the old ReadyNAS as a backup (always smart to have multiple backups, which eliminates single point of failure).
Note that if you do that, you can also disable SMB altogether on the backup NAS. That's what I've done on my 4.1.x NAS.
Thanks for the reply. I did see that it's possible to upgrade to OS6, but then saw a mention that the fans may run loud and that would be a problem for me.
Do you know if fan speed is still an issue with the unofficial OS6 on ReadyNAS Pro?
If this is resolved then I'll do the upgrade & factory reset.
Thanks in advance,
If you have the stock fans, the problem was resolved a long time ago. Some who have replaced their fans had problems that persisted longer -- I do not know if those have been resolved.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
