Disabling SMB1 by default

Rowland Penny rpenny at samba.org
Tue Jun 20 12:59:54 UTC 2017

On Tue, 20 Jun 2017 06:18:03 -0600
David Mulder via samba-technical <samba-technical at lists.samba.org>

> The negotiate always begins with an SMB1 negotiate, and indicates
> whether SMB2+ is supported (this is called a multi-protocol
> negotiate). So, it doesn't work that way. If you disable SMB1, then
> it starts with SMB2+ negotiate. It doesn't 'fallback' to previous
> versions, it starts at the lowest supported and moves up. That's how
> the protocol is defined. So, enabling SMB3 by default will allow
> clients to negotiate up to SMB3 if supported, but will also continue
> to support older versions.

Hi David, you say 'That's how the protocol is defined' , who is
defining the protocol ?

It just seems strange that something to do with security starts at the
weakest and works up. I would have thought it should start at the
highest and work down to whatever is the lowest setting the syadmin
wants to allow.


More information about the samba-technical mailing list