Jeremy Allison
2021-Feb-10 19:46 UTC
[Samba] Is it possible to set the protocol for a single client
On Wed, Feb 10, 2021 at 07:32:17PM +0000, Rowland penny wrote:>On 10/02/2021 19:07, Jeremy Allison via samba wrote: >>On Wed, Feb 10, 2021 at 01:52:28PM -0500, Robert Steinmetz via samba >>wrote: >>>I have a few clients which require minimum protocol. Is it >>>possible to set the min protocol on a per client basis? >>>If so how? >> >>You could try doing an include directive in the >>smb.conf based on client machine (%m or %M) parameter. >> >Hi Jeremy, how would that work ? > >I understand the concept of using 'includes', I just don't see how an >include file that contains something like 'server minimum protocol = >NT1' is going to affect a running samba, just how would the client >trigger it ??Matching on the remote hostname (%M) is done at socket accept time (it's how we handle the "hosts allow/ hosts deny" parameters. This is *before* the negprot is processed, so if there is an include that adds "server minimum protocol = NT1" it will allow the client that matches to connect using SMB1, but all others will be restricted to SMB2+.
Rowland penny
2021-Feb-10 20:02 UTC
[Samba] Is it possible to set the protocol for a single client
On 10/02/2021 19:46, Jeremy Allison wrote:> On Wed, Feb 10, 2021 at 07:32:17PM +0000, Rowland penny wrote: >> On 10/02/2021 19:07, Jeremy Allison via samba wrote: >>> On Wed, Feb 10, 2021 at 01:52:28PM -0500, Robert Steinmetz via samba >>> wrote: >>>> I have a few clients which require minimum protocol. Is it possible >>>> to set the min protocol on a per client basis? >>>> If so how? >>> >>> You could try doing an include directive in the >>> smb.conf based on client machine (%m or %M) parameter. >>> >> Hi Jeremy, how would that work ? >> >> I understand the concept of using 'includes', I just don't see how an >> include file that contains something like 'server minimum protocol = >> NT1' is going to affect a running samba, just how would the client >> trigger it ?? > > Matching on the remote hostname (%M) is > done at socket accept time (it's how > we handle the "hosts allow/ hosts deny" > parameters. > > This is *before* the negprot is processed, > so if there is an include that adds > "server minimum protocol = NT1" it > will allow the client that matches > to connect using SMB1, but all others > will be restricted to SMB2+.OK, I can understand that, but are you saying that if there is a line like 'include = /path/to/smb.conf.%M' in smb.conf and there is a file called smb.conf.clientname in /path/to , then the contents of that will be used instead of what is in the main smb.conf ? Wouldn't you have to reload the samba config ? Still mistified Rowland