[Bug 1697817] Re: disable smb1 by default

Julian Alarcon alarconj at gmail.com
Mon Sep 11 21:31:04 UTC 2017 

Adding more info, next future SAMBA version 4.7 will increase the SMB
"client max protocol" to SMB3_11 to be able to connect to servers with
SMB1 disabled, "client min protocol" is still SMB1.

https://download.samba.org/pub/samba/rc/samba-4.7.0rc1.WHATSNEW.txt
https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.7
https://wiki.samba.org/index.php/Samba_4.7_Features_added/changed

######
The default for "client max protocol" has changed to "SMB3_11",
which means that smbclient (and related commands) will work against
servers without SMB1 support.

It's possible to use the '-m/--max-protocol' option to overwrite
the "client max protocol" option temporary.

Note that the '-e/--encrypt' option also works with most SMB3 servers
(e.g. Windows >= 2012 and Samba >= 4.0.0), so the SMB1 unix extensions
are not required for encryption.

The change to SMB3_11 as default also  means smbclient no longer
negotiates SMB1 unix extensions by default, when talking to a Samba server with
"unix extensions = yes".  As a result some commands are not available, e.g.
posix_encrypt, posix_open, posix_mkdir, posix_rmdir, posix_unlink, posix_whoami,
getfacl and symlink. Using "-mNT1" reenabled them, if the server supports SMB1.

Note the default ("CORE") for "client min protocol" hasn't changed,
so it's still possible to connect to SMB1-only servers by default.
######

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1697817

Title:
  disable smb1 by default

Status in samba package in Ubuntu:
  Triaged

Bug description:
  Hello,

  Ned Pyle from the SMB team at Microsoft would very much like us to
  disable SMBv1 in Samba by default:

  https://twitter.com/NerdPyle/status/874798165429440512
  https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/

  It'd be nice to make this change early enough that 18.04 LTS does not
  ship with SMB1 support enabled by default.

  Thanks

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1697817/+subscriptions

More information about the foundations-bugs mailing list