kill security=share and security=server
simo
idra at samba.org
Thu Jan 27 12:06:12 MST 2011
On Thu, 2011-01-27 at 19:36 +0100, Volker Lendecke wrote:
> On Thu, Jan 27, 2011 at 09:47:53AM -0800, Jeremy Allison wrote:
> > > Also, implicitly mapping sec=share to sec=user in SMB2 just
> > > adds to the mess. Can we please remove that?
> >
> > I don't think we can do that. It allows people to move
> > to SMB2 simply by adding "max protocol = SMB2" and no
> > other changes. Remember we'll probably end up making
> > "max protocol = SMB2" the default, so we need to ensure
> > that existing smb.conf files will upgrade and work
> > without change.
> >
> > What is the problem with the mapping ? We already
> > had a bug report because it wasn't done completely
> > (and someone using security=share wanted to test
> > SMB2). I don't see why having the mapping causes a
> > problem.
>
> Ok, maybe you're right. I think it gives different semantics
> though depending on which client OS you're coming from, or
> what protocol the client decides to use. I would feel better
> if we had max protocol = smb1 for all security=share configs.
maybe we can force downgrade max protocol to smb1 if we find that
security = share is set, instead ?
And complain in the logs. This way if someone wants to use smb2 they
will know they have to stop using security = share
It may be a compelling reason for people to finally change their conf to
get rid of security = share and is completely backwards compatible as
they keep using the same protocol they were using before, so whatever
was working before still works the same way.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical
mailing list