smbclient --max-protocol=NT1: why it requres setting MIN protocol too?

Michael Tokarev mjt at
Tue Oct 25 18:00:56 UTC 2022

25.10.2022 20:57, Rowland Penny via samba-technical wrote
> I am just trying to understand this, from what I thought I knew. SMB is a negotiating protocol, so shouldn't smbclient negotiate the best version of 
> SMB to use ? i.e. You shouldn't have to tell it what version to use.

Well, it does the right thing. NT1 or CORE are insecure protocols,
this is why they've been disabled. A bad m-i-m can force a negotiation
to be agreed upon an insecure protocol. So you have to explicitly
tell smbclient to use known-bad one.


More information about the samba-technical mailing list