I use a Linux system with Ubuntu 18.04.5.
Te file /etc/samba/smb.conf contains the rules:
client min protocol = SMB3and
smb encrypt = requiredThe command nmap -p445 -Pn -vvv --script smb-protocols on this system gives (between others) the following output:
Host script results: | smb-protocols: | dialects: | NT LM 0.12 (SMBv1) [dangerous, but default] | 2.02 | 2.10 | 3.00 | 3.02 |_ 3.11Is that in contrast to each other?
In Samba it is set that the minimum SMB protocol is 3. nmap reports the dangerous SMBv1 protocol anyway.
Can the Ubuntu system still be accessed with SMBv1?
1 Answer
The smb-protocols nmap script checks to see which smb dialects are present on the Samba server.
client min protocol sets the minimum smb dialect that server can use to connect to another server not the minimum dialects that a client to this server can use.
By default the version of samba used in Ubuntu 18.04 sets the server min to NT1 ( smbv1 ) and the max to SMBv3.
If you want to restrict access to this server to SMB3 and SMB3 only you need to set the server min protocol:
server min protocol = SMB3*Note: there are sub-variants to this dialect:
SMB3_00: Windows 8
SMB3_02: Windows 8.1
SMB3_10: early Windows 10
SMB3_11: Windows 10
By default SMB3 in smb.conf selects the SMB3_11 variant.*
1
