Given this recent announcement https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices How does one turn off and verify the SMB protocol setting? I'm a bit confused by looking at the man page for smb.conf. I have the following set which I believe to be the default settings. samba-tool testparm -v | grep "max protocol" client ipc max protocol = default client max protocol = default server max protocol = SMB3 samba-tool testparm -v | grep "min protocol" client ipc min protocol = default client min protocol = CORE server min protocol = LANMAN1 The man page states the 'min protocol' setting should never need to be changed. I would assume I would need to change this to SMB3 or the very least SMB2 to disable SMBv1? Thanks. -- - James
L A Walsh
2017-Jan-17 22:29 UTC
[Samba] Disable SMB v1, & how to specify SMB2.1 instead of Vista-compat-SMB2?
lingpanda101 via samba wrote:> Given this recent announcement > https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices > >Note: best practices != a security breach or flaw.> How does one turn off and verify the SMB protocol setting? I'm a bit > confused by looking at the man page for smb.conf. I have the following > set which I believe to be the default settings. > > samba-tool testparm -v | grep "max protocol" > > client ipc max protocol = default > client max protocol = default > server max protocol = SMB3 >---- I was told I shouldn't go below SMB2.1 (for Win7SP1) How is that configured through smb.conf? I was told SMB2 was for Vista and doesn't have some features that 2.1 does have.
Apparently Analagous Threads
- SMB3 verification in Wireshark
- How to mount a share without using -o vers=1.0 ?
- pam_mount in 'newer samba'...
- Samba 4.0 released - The First Free Software Active Directory Compatible Server is now available !
- Samba 4.0 released - The First Free Software Active Directory Compatible Server is now available !