December 14, 20214 yr Coming from this thread: I would really appreciate a simple GUI way to configure additional SAMBA/SMB options for my server. Specifically I'm interested in changing the following options to improve the security of the server: server min protocol = SMB3_11 client min protocol = SMB3_11 client ipc min protocol = SMB3_11 null passwords = No client signing = required client protection = encrypt server signing = mandatory server smb encrypt = required client ipc signing = required ntlm auth = ntlmv2-only null passwords = No Rather than using the SMB extra configuration field which I'm finding confusing and difficult to use. I would rather these options be available under 'SMB Settings' as drop-down options (for example, 'Enable NetBIOS' is currently listed there). I think that the out of the box defaults should remain as broadly compatible as possible but it should not be a difficult process to enable high security configurations on the server. Thanks,
December 27, 20214 yr +1 All these options should be the default as it would be more secure. Then instead a toggle for anyone having issues or running older hardware.
January 28, 20224 yr Author I wrote a quick guide on how to achieve a hardened configuration if anyone is interested:
April 10, 20224 yr On 1/28/2022 at 4:49 AM, dlandon said: Security settings are planned for 6.10. will this be included as the new default settings? or the settings will be visible from webui?
April 10, 20224 yr 2 minutes ago, L0rdRaiden said: will this be included as the new default settings? or the settings will be visible from webui? In order to support legacy devices using SMB2 and connecting to Unraid shares. the implementation of these security settings will have to be configurable. Because of the desire to get 6.10 released, it is being held up for now. For the time being, you can put those settings with a [global] tag in smb-extra.conf.
April 10, 20224 yr 3 minutes ago, dlandon said: In order to support legacy devices using SMB2 and connecting to Unraid shares. the implementation of these security settings will have to be configurable. Because of the desire to get 6.10 released, it is being held up for now. For the time being, you can put those settings with a [global] tag in smb-extra.conf. right now it's like this, so it's wrong? Do you mean that I have to add [global] in my config? like [global] server min protocol = SMB3_11 client ipc min protocol = SMB3_11 client signing = mandatory server....
April 10, 20224 yr 35 minutes ago, L0rdRaiden said: right now it's like this, so it's wrong? Do you mean that I have to add [global] in my config? like [global] server min protocol = SMB3_11 client ipc min protocol = SMB3_11 client signing = mandatory server.... It probably works, but you should not assume [global]. Add the [global] tag ahead of your settings.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.