Skip to content

Phaseout of SMB v1 protocol at CERN

Phaseout of SMB v1 protocol at CERN

The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows is known as Microsoft SMB Protocol. The Common Internet File System (CIFS) Protocol is a dialect of SMB.

Following protocol versions were introduced in different versions of Microsoft Windows:

  • SMB 1 - Windows 2000
  • SMB 2 - Windows Server 2008 and WIndows Vista SP1
  • SMB 2.1 - Windows Server 2008 R2 and Windows 7
  • SMB 3.0 - Windows Server 2012 and Windows 8

Samba - the free software re-implemetation of SMB/CIFS on Linux, implements following protocol versions:

  • SMB 1 - initial implementation
  • SMB 2 - Samba 3.6
  • SMB 2.1 - Samba 4.0.0
  • SMB 3 - Samba 4.0.0 (implementation is not complete)
See Samba protocol versions for more information.

Please read information about SMB version 1 phase-out at CERN.

Required configuration changes for Linux clients/servers

  • By default SLC5/SLC6/CC7 uses SMB version 1 protocol, in order to reconfigure your system following configuration changes are needed.

CERN CentOS 7 (CC7)

Samba client and server

In /etc/samba/smb.conf please add following lines in section [global]:

[global]
netbios name = HOSTNAME
security = ADS
workgroup = CERN
realm = CERN.CH
...

client min protocol = SMB2
client max protocol = SMB3
server min protocol = SMB2
server max protocol = SMB3

...
above configuration will preset required protocol versions for both samba client and sever as well as for graphical clients.

Alternatively: use -m smb2 (or -m smb3) parameter to smbclient tool:

smbclient -k -m smb2 (or -m smb3) //SMBSERVER/Share
(see also: Setting up Kerberized Samba Server on CentOS 7.X.)

Note: SMB3 protocol implementation for CC7 is considered experimental feature, for production systems please use recommended SMB2 version.

CERN DFS filesystem mount

DFS (cifs) mounting with protocol version 2.0/2.1/3.0 functions correctly with current release (7.5), running kernel-3.10.0-862 or newer.

Scientific Linux CERN 6 (SLC6)

Default system Samba version implements SMB version 2 protocol only partially (only in server and only some protocol dialects).

Samba client and server

As a workaround please install alternative Samba version from repositories:
# yum install samba4-client samba4
Note: this version conflicts with default one which needs to be removed:
# yum remove samba-client samba
Note: samba4 cannot be used together with sssd-ad Active Directory authentication provider (it is not used in default system installation).

In /etc/samba/smb.conf please add following lines in section [global]:

[global]
netbios name = HOSTNAME
security = ADS
workgroup = CERN
realm = CERN.CH
...

client min protocol = SMB2
client max protocol = SMB2
server min protocol = SMB2
server max protocol = SMB2

...
above configuration will preset required protocol versions for both samba client and sever.

Alternatively: use -m smb2 parameter to smbclient tool:

smbclient -k -m smb2  //SMBSERVER/Share
Note: SMB3 protocol implementation for SLC6 is incomplete please use SMB2 version.

CERN DFS filesystem mount

DFS (cifs) mounting with protocol version 2.0/2.1/3.0 is not implemented on SLC6, and will not be implemented in the future due to system samba and kernel versions.

Scientific Linux CERN 5 (SLC5)

Only SMB version 1 protocol is implemented, therefore SLC5 samba clients/servers are not compatible with clients/servers disabling SMB1.

As general user support for SLC5 ended on 31.03.2017 no further investigation is planned.