Disabling SMB1 by default

Moritz Bechler bechler at agno3.eu
Tue Jun 20 18:12:13 UTC 2017


>> I meant that with SMB1 enabled in the samba client, it will always
>> attempt SMB1 first with a multi-protocol negotiate.
> Interesting. The Windows client will check to see if it has previously connected
> to the server since the boot epoch, and even if SMB1 is enabled it will jump
> straight to SMB2-only negotiate if a previous SMB2 negotiate succeeded. If
> SMB1 is disabled of course it does SMB2-style unconditionally.

Imho, there really is not much to be gained by using the non-backward
compatible SMB2 negotiation (even with SMB1 disabled) except for one
less round-trip on connection setup. Of course, checking the minimum
allowed dialect is must (one does not even have to really parse the
possible SMB1 negotitate response for that). The downside of using the
SMB2 only negotiation is that instead of a (hopefully) proper indication
that the server does not support SMB2+ you'll just get a connection
reset (or worse).


AgNO3 GmbH & Co. KG, Sitz Tübingen, Amtsgericht Stuttgart HRA 728731
Persönlich haftend:
Metagesellschaft mbH, Sitz Tübingen, Amtsgericht Stuttgart HRB 744820,
Vertreten durch Joachim Keltsch

More information about the samba-technical mailing list