如何在 samba 中强制使用 SMB2 协议?

如何在 samba 中强制使用 SMB2 协议?

出于安全原因,我想禁用 SMB1 协议samba。可以吗?我正在运行 Ubuntu 14.04 LTS。

答案1

我使用 Nessus 进行的测试表明,SMBv1 仅在设置时禁用

min protocol = SMB2

在 smb.conf 的 [global] 部分中。Core、LANMAN2 和 NT1 仍然被标记为易受攻击。

答案2

我必须添加这个才能在我的老的ubuntu 12-server;使用最小/最大组合中的任一种,SMBv1 都已启用,但同时使用两种组合都可以正常工作。

[global]
min protocol = SMB2                                                                                 
max protocol = SMB2                                                                                 
client min protocol = SMB2
client max protocol = SMB2

答案3

虽然我不确定 SMB1 适合于哪里(我猜是 CORE),但以下是“man smb.conf”中协议的顺序

   max protocol (G)
       The value of the parameter (a string) is the highest protocol level that will be supported by the server.
       Possible values are :
       ·   CORE: Earliest version. No concept of user names.
       ·   COREPLUS: Slight improvements on CORE for efficiency.
       ·   LANMAN1: First
            modern version of the protocol. Long filename support.
       ·   LANMAN2: Updates to Lanman1 protocol.
       ·   NT1: Current up to date version of the protocol. Used by Windows NT. Known as CIFS.
       ·   SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and newer.

   min protocol (G)
       The value of the parameter (a string) is the lowest SMB protocol dialect than Samba will support. Please refer to the max
       protocol parameter for a list of valid protocol names and a brief description of each. You may also wish to refer to the C
       source code in source/smbd/negprot.c for a listing of known protocol dialects supported by clients.
       If you are viewing this parameter as a security measure, you should also refer to the lanman auth parameter. Otherwise, you
       should never need to change this parameter.
       Default: min protocol = CORE
       Example: min protocol = NT1

答案4

我认为您在 smb.conf 文件中寻找的是:

###
服务器最小协议 = SMB2_10
客户端最小协议 = SMB2
客户端最大协议 = SMB3

相关内容