Why is SMB2 still disabled in our client by default?

Andrew Bartlett abartlet at samba.org
Tue Mar 4 15:59:13 MST 2014

Just wondering, as it came up during the docs/param work:

Why do we only set 'client max protocol = NT1' by default?

What is required to move this up to SMB2/3?

The reason for my interest is that I still want to find a way to force
winbindd to require SMB signing for all authenticated connections, to
reduce our attack surface for future DCE/RPC bugs, and to validate that
the DC is really the one feeding us users and groups.


Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list