Blog

03/06/2019

How to configure Samba to use SMBv2 and disable SMBv1 on Linux or Unix



I am a new Linux user and for security reasons and to avoid ransomware, I would like to disable the SMB1 protocol in samba configuration on a CentOS Linux version 7 server. Is it possible to disable SMBv1 on a Linux or UNIX-like operating system?

Introduction:WannaCrypt/WannaCry targets the Microsoft Windows operating system. The attack spreads by phishing emails but also uses the EternalBlue exploit and DoublePulsar backdoor developed by the U.S. National Security Agency (NSA). If you are using older and unsupported operating systems such as Windows XP and Windows Server 2003, you will get infected. All of your files will be encrypted. To get back your files, you need to pay ransom payments in the cryptocurrency Bitcoin. Microsoft has released software updates for Windows XP and Windows Server 2003. You must apply those patches ASAP on Windows operating systems. In short Linux/Unix users are not affected by this attack. However, you must disable SMBv1 on Samba server running on Linux or Unix-like system.

Configure Samba to use SMBv2 and disable SMBv1 on Linux or Unix

Let us see how to disable SMBv1 on a Linux or Unix like systems.

Disable SMBv1 on Linux or Unix when using Samba

Samba is an open-source implementation of the SMB or CIFS protocol, which allows PC-compatible machines (especially Windows oese) to share files, printers, and other information with Linux and vice-versa.

Configuration to enable SMBv2

Edit smb.conf file, run:
$ sudo vi /etc/samba/smb.conf
Find the [global] section and append the following line:
min protocol = SMB2
Here is my updated file:

Fig.01: How to force SMB2 protocol in samba on Linux or Unix

The following seems to work with Windows 10/Linux clients too as noted by many in the comments section below:
protocol = SMB2
Save and close the file.

Restart the samba server

Run the following command on CentOS 7/RHEL 7/Fedora Linux:
$ sudo systemctl restart smb.service
Run the following command on Debian 8.x/Ubuntu 16.04 LTS Linux:
$ sudo systemctl restart smbd.service

Conclusion

And there you have it, SMBv1 disabled on a Linux or Unix samba server to avoid security issues.

Posted by: SXI ADMIN

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

14/08/2019

How to KVM, QEMU start or stop virtual machine from command line (CLI)

KVM or Kernel Based Virtual Machine is a popular virtualization technology. It allows you to run virtual guest machines over a host machine. To start...
14/08/2019

How to Docker backup Saving and restoring your volumes

Running a Docker volume backup First, we spin up a temporary container, and we mount the backup folder and the target Docker volume to this container....
12/08/2019

How to Start and Enable Firewalld on CentOS 7

In this article, we discuss how to start and enable firewalld. It is highly recommended that you have a firewall protecting your server.Pre-Flight CheckThese...