Samba says its next release will switch off previously on-by-default support for the aging and easily subverted SMB1 protocol. It can be reenabled for those truly desperate to use the godforsaken deprecated protocol version.
The open-source SMB toolkit's developers say the Samba 4.11 build, currently in preview, will by default set SMB2_02 as the earliest supported version of the Windows file-sharing protocol.
"This means clients without support for SMB2 or SMB3 are no longer able to connect to smbd (by default)," the 4.11 release notes read.
"It also means client tools like smbclient and others, as well as applications making use of libsmbclient are no longer able to connect to servers without SMB2 or SMB3 support (by default)."
Admins will still have the option to allow SMB1 on their servers if they so choose, but support will be turned off by default.
The move by Samba to drop SMB1 can be seen as long overdue, given that Microsoft has been moving to get rid of the file-server protocol version from its operating systems for several years now, even before it was revealed to be one of the NSA's favorite weak points to exploit.
Do any Soylentils have any systems that will be affected by this? How hard is it for you to upgrade?
(Score: 3, Informative) by nobu_the_bard on Tuesday July 09 2019, @09:32PM (3 children)
I have a bunch of ancient multifunction printers that can only use SMB1 for scan-to-folder. It's a serious bother.
I couldn't get the users to use scan-to-email; it was set up via a SMTP proxy specifically set up to accept these ancient things' mails but send to other mail systems more securely, but the users refused to change their patterns without hand holding and I didn't have the time to retrain everyone at every site.
A few of the printers got replaced this year though, maybe I get lucky and the rest get replaced too. Perhaps I should borrow my friends' ice axe...
(Score: 5, Interesting) by zocalo on Tuesday July 09 2019, @10:00PM (1 child)
Personally though, I'd probably have a strange outbreak of printer failures beset the office. So many creative ways to let the magic smoke out...
UNIX? They're not even circumcised! Savages!
(Score: 2) by nobu_the_bard on Wednesday July 10 2019, @12:28PM
That's an interesting idea, but actually part of the reason to use the SMTP proxy was I already had it from another project (so it was a major time savings).
Still good thinking, I can't believe that SMB proxy didn't occur to me.
(Score: 2) by PartTimeZombie on Tuesday July 09 2019, @11:16PM
I am lucky enough to have a brutal network security guy who turned off scan to folder for exactly this reason a few months ago.
No discussion. If you don't like it, take it up with my manager.
I am pretty sure his manager issued the order.