Samba says its next release will switch off previously on-by-default support for the aging and easily subverted SMB1 protocol. It can be reenabled for those truly desperate to use the godforsaken deprecated protocol version.
The open-source SMB toolkit's developers say the Samba 4.11 build, currently in preview, will by default set SMB2_02 as the earliest supported version of the Windows file-sharing protocol.
"This means clients without support for SMB2 or SMB3 are no longer able to connect to smbd (by default)," the 4.11 release notes read.
"It also means client tools like smbclient and others, as well as applications making use of libsmbclient are no longer able to connect to servers without SMB2 or SMB3 support (by default)."
Admins will still have the option to allow SMB1 on their servers if they so choose, but support will be turned off by default.
The move by Samba to drop SMB1 can be seen as long overdue, given that Microsoft has been moving to get rid of the file-server protocol version from its operating systems for several years now, even before it was revealed to be one of the NSA's favorite weak points to exploit.
Do any Soylentils have any systems that will be affected by this? How hard is it for you to upgrade?
(Score: 2, Interesting) by Anonymous Coward on Tuesday July 09 2019, @08:37PM (1 child)
No matter what I tried, nothing but SMB1 worked after Win10 updated. Linux could see Win, but not the other way around. And there's no way I'm using Windows share folder or whatever POS it was called, it lets Linux see the entire $USER directory if you share any folder in it.
(Score: 0) by Anonymous Coward on Tuesday July 09 2019, @09:22PM
That's because the Windows update also broke the master browser. Make any other computer, but a Windows 10 machine, the master browser and it will fix the issue.
(Score: 4, Interesting) by darkpixel on Tuesday July 09 2019, @09:30PM
"Do any Soylentils have any systems that will be affected by this? How hard is it for you to upgrade?"
Yes. Every crap copier ever manufactured.
(Score: 3, Informative) by nobu_the_bard on Tuesday July 09 2019, @09:32PM (3 children)
I have a bunch of ancient multifunction printers that can only use SMB1 for scan-to-folder. It's a serious bother.
I couldn't get the users to use scan-to-email; it was set up via a SMTP proxy specifically set up to accept these ancient things' mails but send to other mail systems more securely, but the users refused to change their patterns without hand holding and I didn't have the time to retrain everyone at every site.
A few of the printers got replaced this year though, maybe I get lucky and the rest get replaced too. Perhaps I should borrow my friends' ice axe...
(Score: 5, Interesting) by zocalo on Tuesday July 09 2019, @10:00PM (1 child)
Personally though, I'd probably have a strange outbreak of printer failures beset the office. So many creative ways to let the magic smoke out...
UNIX? They're not even circumcised! Savages!
(Score: 2) by nobu_the_bard on Wednesday July 10 2019, @12:28PM
That's an interesting idea, but actually part of the reason to use the SMTP proxy was I already had it from another project (so it was a major time savings).
Still good thinking, I can't believe that SMB proxy didn't occur to me.
(Score: 2) by PartTimeZombie on Tuesday July 09 2019, @11:16PM
I am lucky enough to have a brutal network security guy who turned off scan to folder for exactly this reason a few months ago.
No discussion. If you don't like it, take it up with my manager.
I am pretty sure his manager issued the order.
(Score: 4, Interesting) by sjames on Tuesday July 09 2019, @09:49PM
Some server's management processors offer to mount a boot disk over a Windows share. I wonder how many of those insist on SMB1?
(Score: 2) by goodie on Tuesday July 09 2019, @10:05PM
My old FreeBSD box that I used as an SMB share for my windows machines stopped being useful when my work computer got a Windows update that killed support for it. Was a good opportunity to rebuild it from scratch so a good for a bad I guess :)
(Score: 0) by Anonymous Coward on Wednesday July 10 2019, @02:09AM
I used to be able to connect to my Windows 7 computers with Ubuntu 16 until a few weeks ago - ubuntu 18 never was able to connect
(Score: 3, Interesting) by NCommander on Wednesday July 10 2019, @06:39AM (1 child)
I tend to use Samba and SMBv1 with retro hardware since it can handle the old-style LANMAN authentication so I can simply plot MS NET on a machine and NET USE the share and still be able to poke it with a modern editor (and tools) from Linux. That being said, maybe I should see if I can get the old ncp software out or build a NetWare server in a VM and shove it somewhere on my network and live the IPX glory days.
Still always moving
(Score: 0) by Anonymous Coward on Monday July 15 2019, @09:53AM
I've checked and 4.9 still seems to have IPX still included, although neither devuan nor fedora still compile it. That is the last currently supported Linux kernel version I know for fact has it and have tested it. I've been talking about trying to do a series of git bisects/diffs while hunting down all the IPX removal patches to add it back in, but I don't know if I can find enough people interested and willing to support it (plus it still needs its own iptables/netfilter support added for security purposes.)
Are you perhaps interested in such a project, or know people who are?
(Score: 2) by epitaxial on Wednesday July 10 2019, @01:54PM
I never could get samba and windows to play nice with Linux filenames having a : in them. Even with catia mapping Windows could see the files but not open or copy them. Finally changed my bash script to use a custom date/time format instead of the default.