samba-tool domain trust: fix trust compatibility to Windows Server 1709 and FreeIPA

github at github at
Thu Apr 12 01:24:08 UTC 2018

New comment by abartlet on Samba Github repository
OK, so I've looked into this some more, and the client lib does strictly smb1 unless [smb2] is specified as a binding string.  The patch needs to be in the C code to remove this restriction or make it behave better.

I would be happy with us using smb2 by default (if "client ipc max protocol" permits) and instead having an [smb1] flag. 

Even better would be to have the auto-negotiation work correctly, but smb1 is going out of fashion quite fast these days so that might be a waste of effort. 

Finally, for establishing trusts, you should ensure the SMB connection is encrypted, as the crypto on the trust passwords is pathetic. 

More information about the samba-technical mailing list