Stories
Slash Boxes
Comments

SoylentNews is people

Samba Finally Dumps Defaulting to Support Unsafe SMB1 Protocol

posted by Fnord666 on Tuesday July 09 2019, @08:19PM   Printer-friendly
from the about-time dept.

martyb writes:

Years late to the SMB1-killing party, Samba finally dumps the unsafe file-sharing protocol version by default:

Samba says its next release will switch off previously on-by-default support for the aging and easily subverted SMB1 protocol. It can be reenabled for those truly desperate to use the godforsaken deprecated protocol version.

The open-source SMB toolkit's developers say the Samba 4.11 build, currently in preview, will by default set SMB2_02 as the earliest supported version of the Windows file-sharing protocol.

"This means clients without support for SMB2 or SMB3 are no longer able to connect to smbd (by default)," the 4.11 release notes read.

"It also means client tools like smbclient and others, as well as applications making use of libsmbclient are no longer able to connect to servers without SMB2 or SMB3 support (by default)."

Admins will still have the option to allow SMB1 on their servers if they so choose, but support will be turned off by default.

The move by Samba to drop SMB1 can be seen as long overdue, given that Microsoft has been moving to get rid of the file-server protocol version from its operating systems for several years now, even before it was revealed to be one of the NSA's favorite weak points to exploit.

Do any Soylentils have any systems that will be affected by this? How hard is it for you to upgrade?

Original Submission

 
This discussion has been archived. No new comments can be posted.
Samba Finally Dumps Defaulting to Support Unsafe SMB1 Protocol | Log In/Create an Account | Top | 13 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by NCommander on Wednesday July 10 2019, @06:39AM (1 child)

    by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Wednesday July 10 2019, @06:39AM (#865305) Homepage Journal

    I tend to use Samba and SMBv1 with retro hardware since it can handle the old-style LANMAN authentication so I can simply plot MS NET on a machine and NET USE the share and still be able to poke it with a modern editor (and tools) from Linux. That being said, maybe I should see if I can get the old ncp software out or build a NetWare server in a VM and shove it somewhere on my network and live the IPX glory days.

    --
    Still always moving
    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 0) by Anonymous Coward on Monday July 15 2019, @09:53AM

    by Anonymous Coward on Monday July 15 2019, @09:53AM (#867130)

    I've checked and 4.9 still seems to have IPX still included, although neither devuan nor fedora still compile it. That is the last currently supported Linux kernel version I know for fact has it and have tested it. I've been talking about trying to do a series of git bisects/diffs while hunting down all the IPX removal patches to add it back in, but I don't know if I can find enough people interested and willing to support it (plus it still needs its own iptables/netfilter support added for security purposes.)

    Are you perhaps interested in such a project, or know people who are?