[Samba] Allow only one computer SMB v1

[Robert Marcano]

On 7/2/21 10:08 AM, Stephen Atkins via samba wrote:
> On 6/29/2021 2:18 PM, Nick Couchman via samba wrote:
> 
>> If I understand the question correctly, I believe Stephen is asking if 
>> you
>> could limit support for SMBv1 to a single client, allowing only that 
>> client
>> to talk to the Samba server with SMBv1, while forcing all other computers
>> to talk with SMBv2/3, etc.
>>
>> My thought is you could possibly do this using the include directive 
>> in the
>> smb.conf file to include a per-machine configuration file, perhaps 
>> based on
>> IP address. Something like this:
>>
>> include = /etc/samba/clients/%I.conf
>>
>> You could then have a configuration file specifically for that machine 
>> that
>> would lower the SMB protocol level down to 1, and all other machines 
>> could
>> use the default.
>>
>> I might be off on that, it isn't something I've tried, but Samba's 
>> support
>> for configuration includes and variable substitutions gives you some very
>> flexible, very powerful options.
> 
> Question about how to implement this.
> 
> Would I need to have a copy of everything in my current smb.conf for 
> every computer?  If so that seems a bit painful for maintenance.  Or can 
> I just put the include at the bottom after all my other shares.  Then 
> when machine1 connects it uses machine1.conf and the parameters for that 
> single share.  Same goes for Machine2 and so on.  If a machine does not 
> have a .conf file for it, then it doesn't get to see that share, right? 
> Since I'm looking to have only one machine use SMBv1 would I need to 
> have that .conf file have a [global] section?

The include should be at the end of the global section preferably, and 
the file should only have:

   server min protocol = NT1

Think of the include command as literally inserting the file at that 
place when, in this case, the client IP matches (%I)

> 
> Thanks for the help.