How to add parameter "max protocol = SMB2" to /etc/samba/smb.conf"?

NethServer Version: 6.9
Module: I dont know

What do you want to achieve?

Just add this string to /etc/samba/smb.conf

It’s explained in the developer manual…

BTW why do you need that parameter value?

I want to defence our network from wannacry, sambacry etc

where is developer manual? I’m not founded it

Sorry for not having post it before, I was in a hurry

Can you give some details about how that parameter can protect against those threats?

I read article from And after it, can’t connect to my shared folders. For fix it I need add this strings.

After read text from your link, I run this commands:

  1. mkdir -p /etc/e-smith/template-custom/etc/samba/smb.conf/
  2. cp /etc/e-smith/templates/etc/samba/smb.conf/10global /etc/e-smith/template-custom/etc/samba/smb.conf/
  3. add to this file “max protocol = SMB2” and “min protocol = SMB2”
  4. /etc/e-smith/events/nethserver-samba-update/S20nethserver-samba-conf

and nothing… File /etc/samba/smb.conf not contains this strings :frowning:

After a template has been changed an event is required:

 signal-event nethserver-samba-update
1 Like
signal-event nethserver-samba-update
bash: signal-event: command not found

It’s command for NS 6.9?

Yes it is, which version of NethServer do you have?

are you logged in as root or just as a simple user?

if the latter, if you want to become root, you need to do

su -

otherwise you won’t have the right path in your env

Did you do a “expand-template /etc/samba/smb.conf”?

BTW: I tried the same on a NS6.9, but after that Win7 Clients had no more access to the shared folder.
Turned back and the access was given again. Please let me know if it worked in your case.

my 2c: samba is not vulnerable to wannacry ramsonware if you keep it updated…

disabling such features won’t help you, 'cause if a client get the virus and the logged user has write access to samba shares, nothing can help you.

OTOH, disabling such a feature could have some unexpected and undesired effects on your clients and productivity.

the only way to defend yourself is:

  • keep all the machines uptodated (both server and clients)
  • have a good AV on server (for mail filtering) and on client too
  • have a good backup
  • work on your users’ net awareness… the best AV is the one between 2 ears

ofc, I’m run it as root

1 Like