| Anonymous | Login | 2024-04-20 06:51 MDT |
| Main | My View | View Issues | Change Log | Roadmap | Repositories |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0021581 | ClearOS | app-samba - Windows Networking | public | 2018-09-25 10:01 | 2018-10-24 17:58 | ||||
| Reporter | NickH | ||||||||
| Assigned To | user2 | ||||||||
| Priority | normal | Severity | tweak | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 7.5.0 Updates | ||||||||
| Target Version | Fixed in Version | 7.5.0 Updates | |||||||
| Summary | 0021581: Remove SMB1 from the samba configuration | ||||||||
| Description | Since the release of samba 4.7.1-9.v7, it is no longer necessary to force the SMB1 protocol for Win10 machines to join a domain. This obsoletes the webconfig entry "Windows 10 Domain Logons". This entry sets "server max protocol = NT1" in smb.conf. Taking it one stage further, NT1 or SMB1 is considered to be a security risk by Microsoft and others (it was leveraged by the WannaCry ransomware). We could disable SMB1 completely by setting "min protocol = SMB2" either forcibly (not sure) or by replacing "Windows 10 Domain Logons" with another item "Enable SMB1", which should be disabled by default on new installations. The reason you may not be able to disable it globally with an update is that it *may* disable ‘Network Neighborhood’ browsing, although this is now disabled by default in new installations of Win10 1803 update. | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files | |||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(0008021) NickH (developer) 2018-09-25 15:00 |
Simplified and for ClearOS7 only: Remove the Webconfig Windows Networking "Windows 10 Domain Logons" menu entry, and, if it exists, remove the "server max protocol = NT1" from smb.conf Add a Webconfig entry "SMB1 Protocol" which should have Enabled and Disabled values. In existing installations, do nothing in smb.conf and the Webconfig should read Enabled. In new installations in smb.conf set "min protocol = SMB2" which should show as Disabled in the Webconfig. I would love independent testing that this works but I've tested both parts of it. I have posted to the forum and replied to every Win10 domain ticket we have asking for verification. |
|
(0008271) dloper (administrator) 2018-10-23 12:47 |
Could leave it and simply change the text to be: Enable Legacy SMB1 protocol. Default set to no. No change if set to SMB1 |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2018-09-25 10:01 | NickH | New Issue | |
| 2018-09-25 10:11 | NickH | Severity | trivial => tweak |
| 2018-09-25 10:11 | NickH | Product Version | => 7.5.0 Updates |
| 2018-09-25 12:00 | user2 | Assigned To | => user2 |
| 2018-09-25 12:00 | user2 | Status | new => confirmed |
| 2018-09-25 15:00 | NickH | Note Added: 0008021 | |
| 2018-10-23 12:47 | dloper | Note Added: 0008271 | |
| 2018-10-23 13:16 | user2 | Status | confirmed => resolved |
| 2018-10-23 13:16 | user2 | Fixed in Version | => 7.5.0 Updates |
| 2018-10-23 13:16 | user2 | Resolution | open => fixed |
| 2018-10-24 17:58 | user2 | Status | resolved => closed |
|
Issue History |