====== Ubuntu - Samba - SMB Protocol Versions ======

According to the [[https://wiki.samba.org/index.php/LinuxCIFSKernel|Samba Official Wiki]] the Linux cifs kernel client has been included in the kernel since kernel version 2.5.42.

SMB3 is the now the default dialect (SMB3.02/SMB3/SMB2.1 dialects are requested by default).

CIFS protocol (and other old dialects) can be selected (by specifying "vers=1.0" or "vers=2.02" in the mount options.



|vers=3.11|SMB3_11|Latest, more secure version. SMB3.11 can also be requested (vers=3.1.1).  By default SMB3 selects the SMB3_11 variant.|
|vers=3.10|SMB3_10|Early Windows 10 technical preview.|
|vers=3.02|SMB3_02|Windows 8.1|
|vers=3.0|SMB3|Windows 8, Windows Server 2012.  Mostly the same as SMB2_24|
|vers=2.24|SMB2_24|Windows 8 beta SMB2 version.|
|vers=2.22|SMB2_22|Early Windows 8 SMB2 version.|
|vers=2.1|SMB2_10|Windows 7, Windows Server 2008 R2.  The default is SMB2 is selected.|
|vers=2.0|SMB2_02|Vista SP1, Windows Server 2008|
|vers=1.0|SMB1|NT1 i.e. Windows 95, NT 4.0|

----

Specify with "vers=" and consider that the Linux kernel does not fully support all of the features in these new SMB versions. 
The newest, most secure dialect, SMB3.11 can also be requested (vers=3.1.1).

----

Add the following lines to /etc/samba/smb.conf

<WRAP todo>
TODO: Some of these may not work - so try different combinations.  PETER=FIX this
</WRAP>


<file bash /etc/samba/smb.conf>
server min protocol = SMB2
server max protocol = SMB3
client min protocol = SMB2
client max protocol = SMB3
min protocol = SMB2
max protocol = SMB3
protocol = SMB2
client ipc min protocol = SMB2
</file>

----

===== Configuration to enable SMBv2 =====

Edit smb.conf file:

Find the [global] section and append the following line:

<file bash /etc/samba/smb.conf>
...
[global]
...
  min protocol = SMB2
...
</file>

<WRAP alert>
WannaCry can spread via SMBv2 as well:

https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/
</WRAP>


The following gives best options:

<file bash> 
   client min protocol = SMB2
   client max protocol = SMB3
</file>

Also this works well:

<file bash> 
server min protocol = SMB2_10
client max protocol = SMB3
client min protocol = SMB2_10
</file>

----

===== Errors =====

Server:

<code bash>
min protocol = SMB2
</code>

Client:

<code bash>
smbclient -U=username -N –command=”dir Directory/*” //192.168.0.1/Directory
</code>

Error:

<code bash>
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
</code>

Try to Use:

<code bash>
protocol = SMB2
</code>