Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Software Microsoft Security Technology

Samba 4.11 Removes SMB1 File-Sharing Protocol Version By Default (theregister.co.uk) 40

Samba says version 4.11.0 will switch off previously on-by-default support for the aging and easily subverted SMB1 protocol. Slashdot reader Jeremy Allison - Sam shares a report from The Register detailing the new changes: The open-source SMB toolkit's developers say the Samba 4.11 build, currently in preview, will by default set SMB2_02 as the earliest supported version of the Windows file-sharing protocol. Admins will still have the option to allow SMB1 on their servers if they so choose, but support will be turned off by default. The move by Samba to drop SMB1 can be seen as long overdue, given that Microsoft has been moving to get rid of the file-server protocol version from its operating systems for several years now, even before it was revealed to be one of the NSA's favorite weak points to exploit. You can read the 4.11 release notes here.
This discussion has been archived. No new comments can be posted.

Samba 4.11 Removes SMB1 File-Sharing Protocol Version By Default

Comments Filter:
  • by Anonymous Coward

    Samba is simply doing the safe and rational thing and ensuring SMB1 protocol is not available for attacks against a higher revision and otherwise secure SMB network if at all possible. The encryption in SMB1 has been broken for years, and even SMB2 I believe has issues of its own. I am not sure about the older protocols and if they have been removed, deprecated, or left out entirely, but this is nothing to complain about so long as regression testing and support for the feature is kept, even if only used by

    • In the vast majority of installs I've seen, SMB is not encrypted, and is not supposed to be -- it's there for file sharing between employees/family members/multiple personal machines in a local network. No Windows-using companies I've seen trust it enough for remote access to sensitive data.

      Thus, SMB1 is not an issue, as long as servers nor clients can't be DOSed.

      • Thus, SMB1 is not an issue, as long as servers nor clients can't be DOSed.

        I also have just family members in my house so none of my computer accounts are password protected. It's not like someone from the internet would try something nefarious.

        https://blog.malwarebytes.com/... [malwarebytes.com]
        The first paragraph basically says it all:
        "Some of the most devastating ransomware and Trojan malware variants depend on vulnerabilities in the Windows Server Message Block (SMB) to propagate through an organization’s network. Windows SMB is a protocol used by PCs for file and printer sharing, as well

  • Samba gives STATUS_BAD_NETWORK_NAME for anything from permission errors, to configuration errors, to your face is ugly. Any chance they'll fix this?
    • by Gojira Shipi-Taro ( 465802 ) on Wednesday July 10, 2019 @06:37PM (#58905012) Homepage

      I think expecting the Samba team to do something about your face is a little much.

    • Samba gives STATUS_BAD_NETWORK_NAME

      Yes, SMB gives gives networks a bad name.

  • Say goodbye to Windows XP and Server 2003.

    P.S. SMB1 support is still there but you have to enable it manually.

    • Say goodbye to Windows XP and Server 2003.

      Wait, are they still here?

      I thought they left..

      Why won't they leave???

    • by Wolfrider ( 856 )

      > Say goodbye to Windows XP and Server 2003

      â"If anyone is still running these systems in 2019 outside of a VM (especially in âoeproductionâ) - they pretty much deserve whatever they might catch. Running a 16 year old Windows-based OS for your server is basically lazy+insane, and a forced upgrade would benefit the ecosystem in general.

You are always doing something marginal when the boss drops by your desk.

Working...