Web lists-archives.com

Re: [Samba] Disable Samba V1 communication protococl between server and AD controller




On Mon, Jun 19, 2017 at 04:52:42PM +0000, Mengxing Cheng via samba wrote:
> Dear Samba community,
> 
> My name is Mengxing Cheng and I am HPC system admin at the University of Chicago. We run Samba 3.6.23-25 on Red Hat Enterprise Linux Server release 6.7. We would like to completely close v1 as suggested by the campus security team.
> 
> The problem is that, though we have specify min protocol = SMB2 in the [global] section of smb.conf, some v1 communications as follows still appear in the packet captures on the AD controllers.
> 
> SMB:C; Negotiate, Dialect = PC NETWORK  PROGRAM 1.0, MICROSOFT NETWORKS 1.03
> SMB:R; Negotiate, Dialect is NT LM 0.12(#9), SpnegoToken(1.3.6.1.5.5.2)
> 
> Does anyone know how to completely disable v1 protocol?
> 
> Thank you!

I think you're going to need to upgrade to Samba 4.6.x
in order to make progress here. It's probably winbindd
from 3.6.x that is making these connections.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba