Default setting for "client max protocol" is NT1

Jeremy Allison jra at samba.org
Fri Nov 4 19:06:42 UTC 2016 

On Sat, Nov 05, 2016 at 08:02:47AM +1300, Andrew Bartlett wrote:
> On Fri, 2016-11-04 at 09:48 -0700, Jeremy Allison wrote:
> > This was brought to my attention recently:
> > 
> > int lpcfg_client_max_protocol(struct loadparm_context *lp_ctx)
> > {
> > 	int client_max_protocol = lpcfg__client_max_protocol(lp_ctx);
> > 	if (client_max_protocol == PROTOCOL_DEFAULT) {
> > 		return PROTOCOL_NT1;
> > 	}
> > 	return client_max_protocol;
> > }
> > 
> > This is correct from the man page:
> > 
> >     <para>The value <constant>default</constant> refers to
> > <constant>NT1</constant>.</para>
> > 
> > However - "client ipc max protocol" has:
> > 
> > int lpcfg_client_ipc_max_protocol(struct loadparm_context *lp_ctx)
> > {
> >         int client_ipc_max_protocol =
> > lpcfg__client_ipc_max_protocol(lp_ctx);
> >         if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
> >                 return PROTOCOL_LATEST;
> >         }
> > ...
> > 
> > PROTOCOL_LATEST == PROTOCOL_SMB3_11. And indeed looking at the
> > man page we have:
> > 
> >     <para>The value <constant>default</constant> refers to the latest
> >     supported protocol, currently
> > <constant>SMB3_11</constant>.</para>
> > 
> > Do we want to change the default for "client max protocol" to be
> > PROTOCOL_LATEST to match "client ipc max protocol" ?
> 
> The issue is and the reason why things split out for IPC is that we
> didn't get unix extensions sorted out early enough for SMB2, so now
> there are a lot of Samba servers out there that don't know unix
> extensions on SMB2/3.
> 
> It is a hobson's choice, if we want the unix extensions to work in our
> client tool and libsmbclient, we have to keep this at SMB1, but we want
> SMB2 for other reasons.  We don't get to know what the end user wants
> via the current interfaces, and worse still the server may not turn out
> to support unix extensions anyway.

Well the lack of SMB2 unix extensions is partly my fault (intend
to get working on this Nov/Dec). But we could change the default
for smbclient/libsmbclient to be SMB2 for 4.6.x and people who want
unix extensions explicitly us -mNT1 or set the smb.conf appropriately.

So long as the matching Gnome gvfs works with 4.6.0 libsmbclient I don't see anything
breaking too badly (I'm planning to work with the gvfs people to make this so).

More information about the samba-technical mailing list