Disabling SMB1 by default

David Mulder dmulder at suse.com
Tue Jun 20 13:35:37 UTC 2017


> Hi David, you say 'That's how the protocol is defined', who is
> defining the protocol?
Here's an example of a multi-protocol negotiate:
https://msdn.microsoft.com/en-us/library/dd541643.aspx
It's defined by the MS-SMB and MS-SMB2 specifications.
> It just seems strange that something to do with security starts at the
> weakest and works up. I would have thought it should start at the
> highest and work down to whatever is the lowest setting the sysadmin
> wants to allow.
>
When it sends a negotiate, it does pick the highest available version.
It picks the highest version that _both_ the client and server support.
If, say, a Samba server says it supports various SMB1 protocols, but also
supports SMB2+, and the client also happens to support SMB2+, then it
_will_ negotiate SMB2.

-- 
David Mulder
SUSE Labs Software Engineer - Samba
dmulder at suse.com
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
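
The negotiation described in the message above, as an added example that is not part of the original post and is not Samba code: a simplified Python model of the multi-protocol negotiate defined in MS-SMB2, where `negotiate` and its parameters are hypothetical names. It shows that SMB1 is reached only when the two sides share no SMB2 dialect, and that a server with SMB1 disabled fails the negotiation instead of falling back.

```python
# Added example: simplified model of the multi-protocol negotiate in MS-SMB2.
# Not Samba code; function and parameter names are illustrative assumptions.

SMB1_DIALECT = "NT LM 0.12"          # SMB1 dialect string in SMB_COM_NEGOTIATE
SMB2_002, SMB2_WILDCARD = "SMB 2.002", "SMB 2.???"
SMB2_NAMES = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
              0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1"}


def negotiate(client_smb1_strings, client_smb2_dialects, server_smb2_dialects,
              server_allows_smb1):
    """Return the dialect a connection ends up on, or None if negotiation fails."""
    server_smb2 = set(server_smb2_dialects)

    # Step 1: the client opens with an SMB1 negotiate listing dialect strings.
    if SMB2_WILDCARD in client_smb1_strings and server_smb2 - {0x0202}:
        # Server answers with 0x02FF; the client follows up with an SMB2
        # NEGOTIATE, and the server picks the greatest dialect both listed.
        common = server_smb2 & set(client_smb2_dialects)
        return SMB2_NAMES[max(common)] if common else None
    if SMB2_002 in client_smb1_strings and 0x0202 in server_smb2:
        return SMB2_NAMES[0x0202]

    # No SMB2 overlap: SMB1 is used only if the server still permits it.
    if server_allows_smb1 and SMB1_DIALECT in client_smb1_strings:
        return SMB1_DIALECT
    return None


# Constructed sample clients and servers.
MODERN_STRINGS = [SMB1_DIALECT, SMB2_002, SMB2_WILDCARD]
MODERN_SMB2 = [0x0202, 0x0210, 0x0300, 0x0302, 0x0311]
LEGACY_STRINGS = [SMB1_DIALECT]

if __name__ == "__main__":
    # Server offers SMB1 and SMB2+, client supports SMB2+: SMB1 is not chosen.
    print(negotiate(MODERN_STRINGS, MODERN_SMB2, MODERN_SMB2, True))
    # SMB1-only client against a server that still allows SMB1.
    print(negotiate(LEGACY_STRINGS, [], MODERN_SMB2, True))
    # Same client once the server disables SMB1: no fallback, negotiation fails.
    print(negotiate(LEGACY_STRINGS, [], MODERN_SMB2, False))
```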




