Default setting for "client max protocol" is NT1

Stefan Metzmacher metze at samba.org
Sat Nov 5 09:51:54 UTC 2016


Am 04.11.2016 um 17:48 schrieb Jeremy Allison:
> This was brought to my attention recently:
> 
> int lpcfg_client_max_protocol(struct loadparm_context *lp_ctx)
> {
> 	int client_max_protocol = lpcfg__client_max_protocol(lp_ctx);
> 	if (client_max_protocol == PROTOCOL_DEFAULT) {
> 		return PROTOCOL_NT1;
> 	}
> 	return client_max_protocol;
> }
> 
> This is correct from the man page:
> 
>     <para>The value <constant>default</constant> refers to <constant>NT1</constant>.</para>
> 
> However - "client ipc max protocol" has:
> 
> int lpcfg_client_ipc_max_protocol(struct loadparm_context *lp_ctx)
> {
>         int client_ipc_max_protocol = lpcfg__client_ipc_max_protocol(lp_ctx);
>         if (client_ipc_max_protocol == PROTOCOL_DEFAULT) {
>                 return PROTOCOL_LATEST;
>         }
> ...
> 
> PROTOCOL_LATEST == PROTOCOL_SMB3_11. And indeed looking at the
> man page we have:
> 
>     <para>The value <constant>default</constant> refers to the latest
>     supported protocol, currently <constant>SMB3_11</constant>.</para>
> 
> Do we want to change the default for "client max protocol" to be
> PROTOCOL_LATEST to match "client ipc max protocol" ?

Yes, we want that, but not until every feature that works against
a Windows server with NT1 also work with SMB2/3.

There were several bug reports, I'm not sure if they're still open.

It would be really good to have all smbclient features tested in a
blackbox test,
I guess do a lot already, but I'm pretty sure not everything.
Once we have that we need to run that with -mSMB3_11 and if it works the
same way we can switch the default.

(We also need to check all other client tools, in order to change the
default
for smb.conf)

One thing I'm struggling with is this in
source3/libsmb/clidfs.c:do_connect():

        if ( show_sessetup ) {
                if (*c->server_domain) {
                        DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",

c->server_domain,c->server_os,c->server_type));
                } else if (*c->server_os || *c->server_type) {
                        DEBUG(0,("OS=[%s] Server=[%s]\n",
                                 c->server_os,c->server_type));
                }
        }

I'd really like to get rid of gensec_ntlmssp_server_domain().

If we could remove this completely or replace with some wkssvc or srvsvc
RPC calls, to make it more reliable across the protocols.

Or we simply just display the result of smbXcli_conn_remote_name()
and the used protocol string.

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20161105/606fc851/signature.sig>


More information about the samba-technical mailing list