Univention Bugzilla – Full Text Bug Listing |
Summary: | Allow configuration of SMB "min protocol" via UCR | ||
---|---|---|---|
Product: | UCS | Reporter: | Felix Botner <botner> |
Component: | Samba4 | Assignee: | Felix Botner <botner> |
Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
Severity: | normal | ||
Priority: | P5 | CC: | alexander.wotschke, andree.hingst, best, gohmann, grandjean, lutz.willek, mathieu.simon, stephan.hendl, stoeckigt, troeder |
Version: | UCS 4.2 | ||
Target Milestone: | UCS 4.2-0-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Feature Request | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | Yes | |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | 2017051321000422, 2017051721000059 | Bug group (optional): | External feedback, Security |
Max CVSS v3 score: | |||
Bug Depends on: | 44591, 44644 | ||
Bug Blocks: | 44646 |
Description
Felix Botner
2017-05-22 12:52:58 CEST
added samba/min/protocol univention-samba4 r79487 univention-samba4.yaml added samba/client/max/protocol and samba/client/min/protocol univention-samba4.yaml r79507 univention-samba4 r79506 Ok works. I added a warning note to the advisory that raising samba/min/protocol also requires raising samba/client/max/protocol (default: NT1): ucr set samba/min/protocol=smb2 samba/client/max/protocol=smb2 Hi Felix and Arvid Thank you for the integration. In addition I've re-read in smb.conf(5) that usually one should not need to raise the "client min protocol" version: "Normally this option should not be set as the automatic negotiation phase in the SMB protocol takes care of choosing the appropriate protocol." This seems to be followed by at least 2 NAS appliance systems which I have cross-checked: Qnap's current QTS 4.3 (using Samba 4.4.9 on the particular model) and FreeNAS 9.10.2-U3 (Samba 4.5.5). Both management UIs offer an option to raise the minimal protocol version but samba-tool testparm -v eventually reveals they "only" raise the server min version. |