Bug 1785248

Summary: [RHEL8 Docs]: SMB1 is disabled defaultly
Product: Red Hat Enterprise Linux 8 Reporter: xiaoli feng <xifeng>
Component: DocumentationAssignee: Marc Muehlfeld <mmuehlfe>
Documentation sub component: default QA Contact: Andrej Dzilský <adzilsky>
Status: CLOSED CURRENTRELEASE Docs Contact: Marc Muehlfeld <mmuehlfe>
Severity: unspecified    
Priority: medium CC: asn, gdeschner, iboukris, jarrpa, jstephen, lmanasko, rhel-docs, xzhou
Version: 8.2Keywords: Documentation
Target Milestone: rc   
Target Release: 8.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
.The SMB1 protocol has been disabled in the Samba server and client utilities by default In Samba 4.11, the default values of the `server min protocol` and `client min protocol` parameters have been changed from `NT1` to `SMB2_02` because the server message block version 1 (SMB1) protocol is deprecated. If you have not set these parameters in the `/etc/samba/smb.conf` file: * Clients that only support SMB1 are no longer able to connect to the Samba server. * Samba client utilities, such as `smbclient`, and the `libsmbclient` library fail to connect to servers that only support SMB1. Red Hat recommends to not use the SMB1 protocol. However, if your environment requires SMB1, you can manually re-enable the protocol. To re-enable SMB1 on a Samba server: * Add the following setting to the `/etc/samba/smb.conf` file: ---- server min protocol = NT1 ---- * Restart the `smb` service: ---- # systemctl restart smb ---- To re-enable SMB1 for Samba client utilities and the `libsmbclient` library: * Add the following setting to the `/etc/samba/smb.conf` file: ---- client min protocol = NT1 ---- * Restart the `smb` service: ---- # systemctl restart smb ---- Note that the SMB1 protocol will be removed in a future Samba release.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-04 08:14:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description xiaoli feng 2019-12-19 13:48:28 UTC 
Description of problem:
From Samba 4.11.0, the SMB1 protocol is disabled defaultly. I think we need a doc to show this. 
The method to enable SMB1 in RHEL-8.2 is add "min protocol=NT1" in smb.conf global section.

Version-Release number of selected component (if applicable):
samba-4.11.2-5.el8.x86_64

How reproducible:
100%
Steps to Reproduce:
1. mount //localhost/cifs cifs -o vers=1.0
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Andreas Schneider 2019-12-19 16:28:01 UTC 
Marc, what is the best way to document this, just update the RHEL 8.2 docs?
Comment 2 Marc Muehlfeld 2020-01-08 08:56:33 UTC 
I would suggest:

1) Adding a short section "Configuring the minimum SMB protocol version supported by a Samba server" to the Samba server docs (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/deploying_different_types_of_servers/). This section could mention the new default in RHEL >=8.2 and provide a procedure how to set "server min protocol".

2) Adding a 8.2 Release Note that tells the user about the new default. We can either list the new default in the Samba rebase RN or, if it's important enough, write a separate RN just about the new default. I would prefer the latter, because it may break several old clients, such as scanner devices which store files on a Samba share.

The docs about mounting an SMB share (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/managing_file_systems/assembly_mounting-an-smb-share-on-red-hat-enterprise-linux_managing-file-systems) should be sufficient. For example, "7.7. Frequently used mount options" already mentions the "vers" mount option.

Andreas, what do you think about my suggestions?
Comment 3 Andreas Schneider 2020-01-08 16:15:57 UTC 
Sounds like a perfect plan.

Thanks!
Comment 9 Marc Muehlfeld 2020-05-04 08:14:07 UTC 
The documentation is now available on the Customer Portal:

New section about setting the minimum SMB version:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/deploying_different_types_of_servers/index#setting-the-minimum-smb-protocol-version-supported-by-a-samba-server_assembly_using-samba-as-a-server

RN about disabled SMB1 protocol in Samba:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/new-features#BZ-1785248