[Samba] Allow only one computer SMB v1
nick.e.couchman at gmail.com
Tue Jun 29 20:37:08 UTC 2021
On Tue, Jun 29, 2021 at 4:30 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Tue, 2021-06-29 at 16:18 -0400, Nick Couchman wrote:
> > If I understand the question correctly, I believe Stephen is asking
> > if you could limit support for SMBv1 to a single client, allowing
> > only that client to talk to the Samba server with SMBv1, while
> > forcing all other computers to talk with SMBv2/3, etc.
> > My thought is you could possibly do this using the include directive
> > in the smb.conf file to include a per-machine configuration file,
> > perhaps based on IP address. Something like this:
> > include = /etc/samba/clients/%I.conf
> > You could then have a configuration file specifically for that
> > machine that would lower the SMB protocol level down to 1, and all
> > other machines could use the default.
> > I might be off on that, it isn't something I've tried, but Samba's
> > support for configuration includes and variable substitutions gives
> > you some very flexible, very powerful options.
> Yes, but if all the other computers were using SMBv2 (at a minimum) how
> could they 'talk' to the computer that only used SMBv1 and how could it
> 'talk' to them ?
Right, but, as I understand it from the original question, the computer
that needs to speak SMBv1 is a network scanning device. So, if the Samba
server has a share on it, say it's called "Scans", and the network scanning
device can talk to the Samba server (only) via SMBv1 in order to drop
scanned documents into the Scans share, then all of the other computers on
the network can talk to the Samba server using SMBv2+ and the users can
pick up their scans from the Scans share on that same server.
The network scanning device need not be able to talk to any other computer
on the network in order to facilitate this kind of workflow, and it
maintains a higher level of security for most of the devices talking to the
More information about the samba