Table of Contents
Ubuntu - Samba - SMB Protocol Versions
According to the Samba Official Wiki the Linux cifs kernel client has been included in the kernel since kernel version 2.5.42.
SMB3 is the now the default dialect (SMB3.02/SMB3/SMB2.1 dialects are requested by default).
CIFS protocol (and other old dialects) can be selected (by specifying “vers=1.0” or “vers=2.02” in the mount options.
| vers=3.11 | SMB3_11 | Latest, more secure version. SMB3.11 can also be requested (vers=3.1.1). By default SMB3 selects the SMB3_11 variant. |
| vers=3.10 | SMB3_10 | Early Windows 10 technical preview. |
| vers=3.02 | SMB3_02 | Windows 8.1 |
| vers=3.0 | SMB3 | Windows 8, Windows Server 2012. Mostly the same as SMB2_24 |
| vers=2.24 | SMB2_24 | Windows 8 beta SMB2 version. |
| vers=2.22 | SMB2_22 | Early Windows 8 SMB2 version. |
| vers=2.1 | SMB2_10 | Windows 7, Windows Server 2008 R2. The default is SMB2 is selected. |
| vers=2.0 | SMB2_02 | Vista SP1, Windows Server 2008 |
| vers=1.0 | SMB1 | NT1 i.e. Windows 95, NT 4.0 |
Specify with “vers=” and consider that the Linux kernel does not fully support all of the features in these new SMB versions. The newest, most secure dialect, SMB3.11 can also be requested (vers=3.1.1).
Add the following lines to /etc/samba/smb.conf
TODO: Some of these may not work - so try different combinations. PETER=FIX this
- /etc/samba/smb.conf
server min protocol = SMB2 server max protocol = SMB3 client min protocol = SMB2 client max protocol = SMB3 min protocol = SMB2 max protocol = SMB3 protocol = SMB2 client ipc min protocol = SMB2
Configuration to enable SMBv2
Edit smb.conf file:
Find the [global] section and append the following line:
- /etc/samba/smb.conf
... [global] ... min protocol = SMB2 ...
WannaCry can spread via SMBv2 as well:
The following gives best options:
client min protocol = SMB2 client max protocol = SMB3
Also this works well:
server min protocol = SMB2_10 client max protocol = SMB3 client min protocol = SMB2_10
Errors
Server:
min protocol = SMB2
Client:
smbclient -U=username -N –command=”dir Directory/*” //192.168.0.1/Directory
Error:
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Try to Use:
protocol = SMB2