Why is SMB2 still disabled in our client by default?

Stefan (metze) Metzmacher metze at samba.org
Fri Mar 28 06:36:11 MDT 2014


Am 04.03.2014 23:59, schrieb Andrew Bartlett:
> Just wondering, as it came up during the docs/param work:
> 
> Why do we only set 'client max protocol = NT1' by default?
> 
> What is required to move this up to SMB2/3?
> 
> The reason for my interest is that I still want to find a way to force
> winbindd to require SMB signing for all authenticated connections, to
> reduce our attack surface for future DCE/RPC bugs, and to validate that
> the DC is really the one feeding us users and groups.

Jeremy, are we sure each smbclient command and every libsmbclient
function call
work with SMB2? If so we could change the default for 4.2 to "SMB3".

metze


More information about the samba-technical mailing list