On Tue, 2021-06-29 at 16:18 -0400, Nick Couchman wrote:> > > If I understand the question correctly, I believe Stephen is asking > if you could limit support for SMBv1 to a single client, allowing > only that client to talk to the Samba server with SMBv1, while > forcing all other computers to talk with SMBv2/3, etc. > > My thought is you could possibly do this using the include directive > in the smb.conf file to include a per-machine configuration file, > perhaps based on IP address. Something like this: > > include = /etc/samba/clients/%I.conf > > You could then have a configuration file specifically for that > machine that would lower the SMB protocol level down to 1, and all > other machines could use the default. > > I might be off on that, it isn't something I've tried, but Samba's > support for configuration includes and variable substitutions gives > you some very flexible, very powerful options. >Yes, but if all the other computers were using SMBv2 (at a minimum) how could they 'talk' to the computer that only used SMBv1 and how could it 'talk' to them ? Look at it this way, there are 20 people in a room, 19 only speak English and one only speaks French (or any language that isn't a variant of English), 19 people will understand each other, but the one person that doesn't speak English will not understand the other 19 and they will not understand the one. Rowland
On Tue, Jun 29, 2021 at 4:30 PM Rowland Penny via samba < samba at lists.samba.org> wrote:> On Tue, 2021-06-29 at 16:18 -0400, Nick Couchman wrote: > > > > > > If I understand the question correctly, I believe Stephen is asking > > if you could limit support for SMBv1 to a single client, allowing > > only that client to talk to the Samba server with SMBv1, while > > forcing all other computers to talk with SMBv2/3, etc. > > > > My thought is you could possibly do this using the include directive > > in the smb.conf file to include a per-machine configuration file, > > perhaps based on IP address. Something like this: > > > > include = /etc/samba/clients/%I.conf > > > > You could then have a configuration file specifically for that > > machine that would lower the SMB protocol level down to 1, and all > > other machines could use the default. > > > > I might be off on that, it isn't something I've tried, but Samba's > > support for configuration includes and variable substitutions gives > > you some very flexible, very powerful options. > > > > Yes, but if all the other computers were using SMBv2 (at a minimum) how > could they 'talk' to the computer that only used SMBv1 and how could it > 'talk' to them ? > >Right, but, as I understand it from the original question, the computer that needs to speak SMBv1 is a network scanning device. So, if the Samba server has a share on it, say it's called "Scans", and the network scanning device can talk to the Samba server (only) via SMBv1 in order to drop scanned documents into the Scans share, then all of the other computers on the network can talk to the Samba server using SMBv2+ and the users can pick up their scans from the Scans share on that same server. The network scanning device need not be able to talk to any other computer on the network in order to facilitate this kind of workflow, and it maintains a higher level of security for most of the devices talking to the Samba server. -Nick
There are 21 people in the room. One speaks *both* English and French (the server.) 19 Speak ONLY English. (SMB2+ stations) 1 Speaks only French. (SMB1 legacy client) The server will only speak French to the one french speaker (SMB1) and only English to the english speakers (SMB2+) (or anyone else). The server can talk to each, and convey on their files to each other. (Though in reality, the SMB-1 client will only send SMB files, to the share, it doesn't need any real access other than a place to save the file.) The SMB2+ clients will access the files that SMB1 stored on the share. There, does that help? :) RPvs> On Tue, 2021-06-29 at 16:18 -0400, Nick Couchman wrote:>> If I understand the question correctly, I believe Stephen is asking >> if you could limit support for SMBv1 to a single client, allowing >> only that client to talk to the Samba server with SMBv1, while >> forcing all other computers to talk with SMBv2/3, etc.>> My thought is you could possibly do this using the include directive >> in the smb.conf file to include a per-machine configuration file, >> perhaps based on IP address. Something like this:>> include = /etc/samba/clients/%I.conf>> You could then have a configuration file specifically for that >> machine that would lower the SMB protocol level down to 1, and all >> other machines could use the default.>> I might be off on that, it isn't something I've tried, but Samba's >> support for configuration includes and variable substitutions gives >> you some very flexible, very powerful options.RPvs> Yes, but if all the other computers were using SMBv2 (at a minimum) how RPvs> could they 'talk' to the computer that only used SMBv1 and how could it RPvs> 'talk' to them ? RPvs> Look at it this way, there are 20 people in a room, 19 only speak RPvs> English and one only speaks French (or any language that isn't a RPvs> variant of English), 19 people will understand each other, but the one RPvs> person that doesn't speak English will not understand the other 19 and RPvs> they will not understand the one.