Project

General

Profile

Bug #34762

Disable SMB1 by default

Added by Cpu Roast almost 3 years ago. Updated over 2 years ago.

Status:
Done
Priority:
No priority
Assignee:
John Hixson
Category:
OS
Target version:
11.2-BETA2
Seen in:
11.1-U5
Severity:
Medium
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

To this day FreeNAS 11.1 U5 still allows SMB1 by default.

Because of the change to the UI, removing the Min/Max SMB version options, SMB1 is most likely enabled on the majority of FreeNAS systems out there.

Before the change, I had set a min of SMB2 and a max of SMB3, which is a sane default in this day and age.
After the change, it reverted my settings back to the FreeNAS defaults, which seems to be a min of SMB1 and a max of SMB3. I fixed that with an aux param of "min protocol = SMB2"

I propose that the setting be upgraded for security reasons to include "min protocol = SMB2" as a default.
If someone has to support legacy clients, they can set "min protocol = NT1" in aux params themselves, at least until samba removes SMB1 support, which they may eventually do.

Supporting archaic versions of Windows and samba is something FreeNAS, at least by default, should no longer do.

Related issues

Related to FreeNAS - Bug #40996: Printer cannot connect to smb shareClosed
Copied to FreeNAS - Bug #40716: Disable SMB1 by defaultDone

Associated revisions

Revision 23ef1d2f (diff)
Added by John Hixson almost 3 years ago

Turn off SMB1 Ticket: #34762

Revision 42f764b2 (diff)
Added by John Hixson almost 3 years ago

Disable UNIX extensions when SMB >= 2 Ticket: #34762

Revision 731bc541 (diff)
Added by John Hixson over 2 years ago

Turn off SMB1 Ticket: #34762 (cherry picked from commit 23ef1d2fe8c733b74c98a26eb39f1a2c5d48b205) (11.1-stable) Ticket: #40716

Revision f1231523 (diff)
Added by John Hixson over 2 years ago

Disable UNIX extensions when SMB >= 2 Ticket: #34762 (cherry picked from commit 42f764b2f485efa104faf8a75aecbc182b280323) (11.1-stable) Ticket: #40716

History

#1 Updated by Dru Lavigne almost 3 years ago

  • Assignee changed from Release Council to Alexander Motin

#3 Updated by Alexander Motin almost 3 years ago

  • Assignee changed from Alexander Motin to John Hixson

#4 Updated by John Hixson almost 3 years ago

  • Status changed from Unscreened to Screened

#5 Updated by John Hixson almost 3 years ago

  • Target version changed from Backlog to 11.2-RC2

#7 Updated by John Hixson almost 3 years ago

  • Status changed from Screened to Ready for Testing

#8 Updated by Dru Lavigne almost 3 years ago

  • Status changed from Ready for Testing to In Progress

#9 Updated by Dru Lavigne almost 3 years ago

  • Target version changed from 11.2-RC2 to 11.2-BETA2

#10 Updated by John Hixson almost 3 years ago

  • Status changed from In Progress to Ready for Testing

#11 Updated by Dru Lavigne almost 3 years ago

  • Status changed from Ready for Testing to In Progress

#12 Updated by John Hixson almost 3 years ago

  • Status changed from In Progress to Ready for Testing

#13 Updated by Dru Lavigne almost 3 years ago

  • Subject changed from SMB1 should be disabled by default to Disable SMB1 by default
  • Needs Merging changed from Yes to No

#14 Updated by Bonnie Follweiler over 2 years ago

  • Status changed from Ready for Testing to Passed Testing
  • Needs QA changed from Yes to No

Test Passed in FreeNAS-11.2-MASTER-201807190857
(Build Date: Jul 19, 2018 12:3)

#15 Updated by Dru Lavigne over 2 years ago

  • Status changed from Passed Testing to Done
  • Needs Doc changed from Yes to No

#16 Updated by John Hixson over 2 years ago

  • Copied to Bug #40716: Disable SMB1 by default added

#17 Updated by Dru Lavigne over 2 years ago

  • Related to Bug #40996: Printer cannot connect to smb share added

#18 Updated by Cpu Roast over 2 years ago

  • Description updated (diff)

Also available in: Atom PDF