Turning off SMB1 make slashdot and theregister !

Rowland penny rpenny at samba.org
Thu Jul 25 19:46:39 UTC 2019 

On 25/07/2019 20:27, Andrew Bartlett wrote:
> On Thu, 2019-07-25 at 20:18 +0100, Rowland penny via samba-technical
> wrote:
>> On 25/07/2019 19:59, Andrew Bartlett via samba-technical wrote:
>>> We can't do that until we provide a reasonable way for SMB1 clients
>>> to
>>> connect, probably via a SMB1 -> SMB2 proxy based on the NTVFS file
>>> server (where we had such a prototype until very recently).
>>>
>>> It won't be perfect SMB1, but needs to be enough for basic
>>> operation.
>>>
>>> I'm quite convinced Samba and SMB1 are critical infrastructure in
>>> many
>>> places and while we may dislike SMB1 for good reasons the
>>> alternative
>>> is to force such installations to rely on what will in 2 years be
>>> an
>>> unsupported and therefore soon an insecure version.
>>>
>>> I'm not comfortable with that as an outcome, so we need to provide
>>> them
>>> a way forward.
>>>
>>> Andrew Bartlett
>>>
>> Andrew, why do we need to keep anything like SMBv1 around in the long
>> term ?
>>
>> If you do an internet search, you will find blogs from Microsoft
>> employees nearly begging people not to use SMBv1 and the fact that
>> new
>> Windows 10 installs have SMBv1 turned off by default, leads me to
>> think
>> that it wont be long before it is totally removed from windows.
>>
>> If SMBv1 is removed from windows, then the major user base will
>> disappear, so are you saying Samba should keep SMBv1 around just for
>> Unix users ?
> I'm more thinking about the DOS users, the OS/2 users and the Windows
> 3.11 users.

If people are prepared to use old programs such as these, then they are 
also probably using old OS versions and presumably will be prepared to 
use old versions of Samba.

I do not really know what you are planning, but if it has anything to do 
with SMBv1, then, in my opinion, it will be wasted effort, it is 
unlikely there will be anything modern that will talk SMBv1.

>
>> If you are considering the Network Browsing problem, then there are
>> other ways to do this.
> It isn't browsing.  Samba is the glue that holds a lot of things
> together.

Yes, glue made from water and flour i.e. not a very good glue.

I know your feelings on on keeping the old ways working, but there comes 
a time when you have to accept that keeping some things going isn't 
worth the effort and can hold other things back.

>
> I'm sure we will find out a little of this in a year or so, when 4.11
> starts to be seriously used in production.
>
> Andrew Bartlett
>
We already are, there are some very weird ways of doing things turning 
up, things that had to be done that particular because they couldn't be 
done any other way at the time. Things that could now be done easier 
with AD.

Rowland

More information about the samba-technical mailing list