Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

SMB Configuration hardening options

Featured Replies

Coming from this thread: 

 

I would really appreciate a simple GUI way to configure additional SAMBA/SMB options for my server. 

 

Specifically I'm interested in changing the following options to improve the security of the server: 

server min protocol = SMB3_11
client min protocol = SMB3_11
client ipc min protocol = SMB3_11
null passwords = No
client signing = required
client protection = encrypt
server signing = mandatory
server smb encrypt = required
client ipc signing = required
ntlm auth = ntlmv2-only
null passwords = No

 

Rather than using the SMB extra configuration field which I'm finding confusing and difficult to use. I would rather these options be available under 'SMB Settings' as drop-down options (for example, 'Enable NetBIOS' is currently listed there). 

 

I think that the out of the box defaults should remain as broadly compatible as possible but it should not be a difficult process to enable high security configurations on the server. 

 

Thanks,

 

+1 for this.

Count me in on this...

+1  ´d be nice to have

+1

 

All these options should be the default as it would be more secure. Then instead a toggle for anyone having issues or running older hardware.

  • 1 month later...
  • Author

I wrote a quick guide on how to achieve a hardened configuration if anyone is interested:

 

 

  • 2 months later...
On 1/28/2022 at 4:49 AM, dlandon said:

Security settings are planned for 6.10.

will this be included as the new default settings? or the settings will be visible from webui?

2 minutes ago, L0rdRaiden said:

will this be included as the new default settings? or the settings will be visible from webui?

In order to support legacy devices using SMB2 and connecting to Unraid shares. the implementation of these security settings will have to be configurable.  Because of the desire to get 6.10 released, it is being held up for now.

 

For the time being, you can put those settings with a [global] tag in smb-extra.conf.

3 minutes ago, dlandon said:

In order to support legacy devices using SMB2 and connecting to Unraid shares. the implementation of these security settings will have to be configurable.  Because of the desire to get 6.10 released, it is being held up for now.

 

For the time being, you can put those settings with a [global] tag in smb-extra.conf.

 

 

right now it's like this, so it's wrong? Do you mean that I have to add [global] in my config?

like

[global]

server min protocol = SMB3_11

client ipc min protocol = SMB3_11

client signing = mandatory

server....

imagen.png.43153227743f8a021120ec8b1be6e4e7.png

 

35 minutes ago, L0rdRaiden said:

 

 

right now it's like this, so it's wrong? Do you mean that I have to add [global] in my config?

like

[global]

server min protocol = SMB3_11

client ipc min protocol = SMB3_11

client signing = mandatory

server....

imagen.png.43153227743f8a021120ec8b1be6e4e7.png

 

It probably works, but you should not assume [global].  Add the [global] tag ahead of your settings.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.