Disabling SMB1 by default

Andreas Hasenack andreas at canonical.com
Tue Jun 20 12:37:07 UTC 2017


On Tue, Jun 20, 2017 at 9:18 AM, David Mulder <dmulder at suse.com> wrote:

> The negotiate always begins with an SMB1 negotiate, and indicates
> whether SMB2+ is supported (this is called a multi-protocol negotiate).
> So, it doesn't work that way. If you disable SMB1, then it starts with
> SMB2+ negotiate. It doesn't 'fallback' to previous versions, it starts
> at the lowest supported and moves up. That's how the protocol is defined.
> So, enabling SMB3 by default will allow clients to negotiate up to SMB3
> if supported, but will also continue to support older versions.
>
> Thanks for the explanation.

The default for "client max protocol" is "NT1" (SMB1, right), and "client
min protocol" is "CORE". That sounds confusing to me right now, because it
seems to prevent SMB2+ from ever being used by the client. So how can the
client, out of the box, speak to, say windows 7?


More information about the samba-technical mailing list