microsoft
SmbGlobalMapping Username and Domain is set to Null/Null after beeing mounted
Describe the bug After an SMB Share is mounted using a SmbGlobalMapping (using https://learn.microsoft.com/en-us/powershell/module/smbshare/new-smbglobalmapping?view=windowsserver2019-ps), the initial authentication request does contains the username and domain specified with the -credential option but when the global mapping is used under windows container/docker, it contains NULL/NULL. It does lead to try to establish a session for every file read/write and can also lead to network port exhaustion if the NAS Provider does not support those null/null
To Reproduce
- Mount a SmbGlobalMapping using using https://learn.microsoft.com/en-us/powershell/module/smbshare/new-smbglobalmapping?view=windowsserver2019-ps
- Start a docker with a -v option
- Take some network capture with Wireshark
Expected behavior We expect authentification token to contains the user given with the -credentials option when mounted the folder
Configuration:
- Windows Server 2019
Thank you for creating an Issue. Please note that GitHub is not an official channel for Microsoft support requests. To create an official support request, please open a ticket here. Microsoft and the GitHub Community strive to provide a best effort in answering questions and supporting Issues on GitHub.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Sounds same issue which we did see but in our environment it happened only with one file server. I was not able to find root cause but expected that it has something to do it authentication settings.
Anyway, I was able to find that: you can avoid this issue by adding hosts file line like this to container:
0.0.0.0 server.domain.local
where you use same server name than is used to create that mapping.
That way container cannot resolve file server name and connect to it directly like it tries but instead of host OS will refresh authentication.
Alternative solution which just came to my mind would to be to disable LanmanWorkstation service completely from container but haven't tested that.
Thanks for the solution. You made my day! I can confirm this seems all good, and the host file is more flexible in case of multiple mappings
@ntrappe-msft I see you reply to few other bug of this repo. Any insights on this issue ?
Thanks
@jcarnus btw. Have you tried to use -RequirePrivacy $true parameter suggested in https://github.com/moby/moby/issues/37863#issuecomment-583016113 ?
It was not explained in there but I would assume that it will enforce SMB version 3 to be used and I can see Encrypted SMB3 messages in Wireshark when it is used.
PS. I also highly recommend upgrading to Windows Server 2025. 2019 is very old already and missing many improvements in this area.
The -RequirePrivacy is already set to $true on the SmbGlobalMapping and I see the same issue with Win2022. Adding to this, not all NAS providers support a login mecanism with NULL username and password.
This issue has been open for 30 days with no updates. no assignees, please provide an update or close this issue.
![microsoft-github-policy-service[bot] avatar](https://avatars.githubusercontent.com/in/95686?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue has been open for 30 days with no updates. no assignees, please provide an update or close this issue.