Disabling SMB1 by default

Tom Talpey ttalpey at microsoft.com
Tue Jun 20 20:04:14 UTC 2017


> -----Original Message-----
> From: David Mulder [mailto:dmulder at suse.com]
> Sent: Tuesday, June 20, 2017 11:40 AM
> To: Tom Talpey <ttalpey at microsoft.com>
> Subject: Re: Disabling SMB1 by default
> 
> 
> > Correct, but I strongly suggest addressing shortcomings in the clients you
> mention.
> > "Most"? Can you elaborate?
> >
> > Tom.
> >
> I believe that's from comments from the SMB team at Microsoft. I don't

Well, that would include me! But I am sure Ned Pyle has more data on this. We
are all meeting here in Redmond this week at the interop event, Jeremy and Steve
are here. Let's try to bring this up for discussion.

> remember exactly who I spoke with, but it was about a year ago when I
> was implementing an SMB2 client for Dell. They mentioned one reason for
> pre-auth integrity checks was because secure negotiate was implemented
> wrong by many vendors. I wasn't given any examples.

There are less than a handful of SMB3 clients, and while there are many SMB3
servers, I'm not aware of any with deficient secure negotiate capability. I'd suggest
if this is important to folks, that fresh data be gathered.

Tom.
 



More information about the samba-technical mailing list