[Samba] Disable Samba V1 communication protococl between server and AD controller
Jeremy Allison
jra at samba.org
Mon Jun 19 18:09:02 UTC 2017
On Mon, Jun 19, 2017 at 04:52:42PM +0000, Mengxing Cheng via samba wrote:
> Dear Samba community,
>
> My name is Mengxing Cheng and I am HPC system admin at the University of Chicago. We run Samba 3.6.23-25 on Red Hat Enterprise Linux Server release 6.7. We would like to completely close v1 as suggested by the campus security team.
>
> The problem is that, though we have specify min protocol = SMB2 in the [global] section of smb.conf, some v1 communications as follows still appear in the packet captures on the AD controllers.
>
> SMB:C; Negotiate, Dialect = PC NETWORK PROGRAM 1.0, MICROSOFT NETWORKS 1.03
> SMB:R; Negotiate, Dialect is NT LM 0.12(#9), SpnegoToken(1.3.6.1.5.5.2)
>
> Does anyone know how to completely disable v1 protocol?
>
> Thank you!
I think you're going to need to upgrade to Samba 4.6.x
in order to make progress here. It's probably winbindd
from 3.6.x that is making these connections.
More information about the samba
mailing list