smbclient --max-protocol=NT1: why it requres setting MIN protocol too?
Rowland Penny
rpenny at samba.org
Tue Oct 25 18:07:36 UTC 2022
On 25/10/2022 19:00, Michael Tokarev wrote:
> 25.10.2022 20:57, Rowland Penny via samba-technical wrote
> ..
>> I am just trying to understand this, from what I thought I knew. SMB
>> is a negotiating protocol, so shouldn't smbclient negotiate the best
>> version of SMB to use ? i.e. You shouldn't have to tell it what
>> version to use.
>
> Well, it does the right thing. NT1 or CORE are insecure protocols,
> this is why they've been disabled. A bad m-i-m can force a negotiation
> to be agreed upon an insecure protocol. So you have to explicitly
> tell smbclient to use known-bad one.
>
> /mjt
While you are technically correct, surely SMBv1 should only be used by
smbclient if the server is set up to use SMBv1 and will only be used if
none of the SMBv3 or SMBv2 versions are available on the server.
Or am I misunderstanding something ?
Rowland
More information about the samba-technical
mailing list