RFC: disabling the SMB1 protocol in our samba stack (client, server) (#1697817)

Andreas Hasenack andreas at canonical.com
Mon Jun 19 13:44:42 UTC 2017


Hi,

We had a bug [1] filed against Ubuntu as part of a larger campaign [2] to
disable the old, vulnerable, deprecated SMB1 protocol in the Samba stack.

I asked upstream [3] for their opinion on changing the default protocol
level.

In terms of an actual change, it's just a pair of independent configuration
settings in smb.conf (if upstream doesn't change the defaults): one for
client, one for server. That part is simple. The repercussions need to be
thought through, however. We can split them into server and desktop
(client):

Server:
 * old clients (like Windows XP, and Windows <= 2003) won't be able to
connect to the samba server anymore. This will certainly include some
appliances like TVs, old videogame consoles, old music players, media
stations, and others

Desktop (client):
 * network browsing will be affected
 * Ubuntu won't be able to connect to old Samba/Windows servers that only
support SMB1. Again, not only classic servers, but think old home NAS
servers

If you want to experiment with what your network would look like if this is
implemented, these are the changes to /etc/samba/smb.conf:

  client min protocol = SMB2

and/or

  server min protocol = SMB2

Change one or both, depending on what you want to test. Maybe as a first
step we could change only the server setting, so that Ubuntu, when acting
as a client (desktop), can still see and interact with old SMB1 servers.

This email is to get a feel of what people think about this change, and to
collect tasks that need to be done to implement this big change. I'm
collecting these tasks in a trello card [4] for now, and, moving forward,
this will likely become a spec document.

Thanks!


1. https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1697817
2. https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
3. https://lists.samba.org/archive/samba-technical/2017-June/121164.html
4. https://trello.com/c/P73Okl8z
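
The following is an added example, not part of the original message or of Samba: a small Python check that reads smb.conf text and reports, for the two settings named above, whether the [global] section still permits SMB1. The function name, status strings and sample configuration are constructed for illustration; it assumes only [global] matters and treats a missing setting as "unset" (the build's default applies).

```python
import re

# Dialect names Samba accepts that are SMB1 or older (everything below SMB2).
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
# Names are matched with case and whitespace removed, as smb.conf does.
# "min protocol" is a synonym for "server min protocol".
KEYS = {"clientminprotocol": "client", "serverminprotocol": "server",
        "minprotocol": "server"}

# Constructed sample, not taken from a real host.
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   Server Min Protocol = SMB2
   client min protocol = NT1

[share]
   path = /srv/share
"""

def audit_min_protocol(conf_text):
    """Return {'client': status, 'server': status} from the [global] section.

    status: 'smb1-allowed', 'smb1-disabled', 'unknown' (unrecognised value)
    or 'unset' (setting absent, so the build's default applies).
    """
    result = {"client": "unset", "server": "unset"}
    section = None
    text = re.sub(r"\\\r?\n", "", conf_text)  # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = re.sub(r"\s+", "", line[1:-1]).lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        side = KEYS.get(re.sub(r"\s+", "", name).lower())
        if side is None:
            continue
        dialect = value.strip().upper()
        if dialect in SMB1_DIALECTS:
            result[side] = "smb1-allowed"
        elif dialect.startswith(("SMB2", "SMB3")):
            result[side] = "smb1-disabled"
        else:
            result[side] = "unknown"
    return result

if __name__ == "__main__":
    print(audit_min_protocol(SAMPLE_CONF))
```

On the sample this reports the server side as SMB1-disabled and the client side as still allowing SMB1, which matches the "change only the server setting first" option discussed in the message.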