Hi everyone,
I'm in a bit of a unique situation, and I could really use some advice. I've got CNC machines that are essential for our operations, and unfortunately, they run on older versions of Windows—specifically 2000, XP, and 7. Many of these machines are very expensive, costing between 500,000 and 1 million Euros, and their life expectancy is measured in decades! While some manufacturers offer upgrades to newer Windows versions, they're prohibitively expensive, so we're sticking with the legacy systems for now.
All these machines are isolated on separate VLANs and don't have internet access, but our technicians can access them from the production VLAN to push files through SMB shares. The problem is that since upgrading to Windows 11, I'm having trouble connecting to these SMB shares, especially with the older models like Windows 2000. I keep getting a "password invalid" error, despite trying various fixes in PowerShell.
I'm considering two main solutions: either remove the passwords from the 2000 machines (which feels risky in terms of security) or set up a middleman server in another VLAN that can create shares and run scripts to transfer files automatically. However, the catch is that I can't install any software on the controllers themselves.
Any insights or advice on how I might solve the SMB issue or set up the middleman server effectively would be greatly appreciated! Thanks for your help!
5 Answers
I had a similar setup before, and it worked out pretty well! You can mount the shares on a Linux server and use Samba to re-share it while maintaining access for your newer systems. Just keep an eye on the syncing—sometimes if there's a failure, files can get misplaced if not monitored carefully.
I feel your pain! You might want to look into using a DNC solution with a direct serial connection to upload/download GCode instead of SMB. It’s a reliable method, and for added security, you could use encrypted USB drives for those who need access to specific files. Just remember to tighten USB access policies for extra security.
The recent updates to Windows 11 seem to enforce encryption on SMB connections. It might be worth checking that you’re not trying to use a guest account without a password since that won’t work. If possible, consider running two Linux servers with different Samba configurations and using NFS between them to avoid compatibility issues.
I think setting up a middleman server is a solid plan! Instead of sticking to SMB, consider using an SFTP server. You could use a Linux server as the middleman to sync directories and keep things secure. SMB can be tricky with those older systems, and an SFTP setup might be more stable. Just make sure the SFTP server on Windows supports the right security protocols, since older OS builds can often be more vulnerable.
What are the chances an SFTP server on those old systems supports modern TLS? I'm curious about this too! I’ve faced similar issues before.
Just a heads up, OP mentioned they aren't looking to use SFTP.
I set up a similar 'jump' server with Samba once. Rsync is great for syncing, but make sure your CNC team is okay with waiting a minute or two for files to transfer. It shouldn't be too much of a hassle, and it centralizes the management of your files effectively!
Yeah, I like the idea of simplifying things with a central jump server. That way, any hitches happen in one place rather than all over!
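The hand-off step that the jump-server answers above describe (syncing to the legacy share and watching for failed transfers so files don't go missing), as an added example that is not part of any post in this thread. The function name `push_verified`, the `.part` suffix and the directory layout are assumptions, and the legacy share is assumed to be already mounted on the middleman.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

def sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def push_verified(staging: Path, target: Path, done: Path) -> dict:
    """One-way push from staging to target (hypothetical helper).

    A source file is moved to `done` only after the copy on the share has
    been read back and its hash matches; on any error it stays in staging.
    """
    report = {"ok": [], "failed": []}
    done.mkdir(parents=True, exist_ok=True)
    for src in sorted(p for p in staging.iterdir() if p.is_file()):
        tmp = target / (src.name + ".part")   # never expose a half-written file
        try:
            shutil.copyfile(src, tmp)
            # Read-back check; on a network mount this may be served from
            # the client cache, so treat it as a minimum, not a guarantee.
            if sha256(tmp) != sha256(src):
                raise OSError("hash mismatch after copy")
            os.replace(tmp, target / src.name)   # rename within the share
            os.replace(src, done / src.name)     # staging/done: same local disk
            report["ok"].append(src.name)
        except OSError as exc:
            try:
                tmp.unlink(missing_ok=True)
            except OSError:
                pass                             # share unreachable; retry next run
            report["failed"].append((src.name, str(exc)))
    return report

if __name__ == "__main__":
    # Constructed sample: temp directories stand in for the real paths.
    root = Path(tempfile.mkdtemp())
    staging, share = root / "staging", root / "cnc_share"
    staging.mkdir()
    share.mkdir()
    (staging / "part1.nc").write_text("G21\nG0 X0 Y0\nM30\n")
    print(push_verified(staging, share, root / "done"))
```

Run it from a scheduler on the middleman and alert on a non-empty `failed` list; files that could not be delivered remain in staging for the next run.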

I’ve got specific user accounts set up on the machines. Your suggestion about running two servers sounds promising!