03fc35ss Posted December 14, 2021 Share Posted December 14, 2021 Coming from this thread: I would really appreciate a simple GUI way to configure additional SAMBA/SMB options for my server. Specifically I'm interested in changing the following options to improve the security of the server: server min protocol = SMB3_11 client min protocol = SMB3_11 client ipc min protocol = SMB3_11 null passwords = No client signing = required client protection = encrypt server signing = mandatory server smb encrypt = required client ipc signing = required ntlm auth = ntlmv2-only null passwords = No Rather than using the SMB extra configuration field which I'm finding confusing and difficult to use. I would rather these options be available under 'SMB Settings' as drop-down options (for example, 'Enable NetBIOS' is currently listed there). I think that the out of the box defaults should remain as broadly compatible as possible but it should not be a difficult process to enable high security configurations on the server. Thanks, 3 Quote Link to comment
Vetteman Posted December 21, 2021 Share Posted December 21, 2021 Count me in on this... Quote Link to comment
unrateable Posted December 22, 2021 Share Posted December 22, 2021 +1 ´d be nice to have Quote Link to comment
JustOverride Posted December 27, 2021 Share Posted December 27, 2021 +1 All these options should be the default as it would be more secure. Then instead a toggle for anyone having issues or running older hardware. Quote Link to comment
03fc35ss Posted January 28, 2022 Author Share Posted January 28, 2022 I wrote a quick guide on how to achieve a hardened configuration if anyone is interested: Quote Link to comment
dlandon Posted January 28, 2022 Share Posted January 28, 2022 Security settings are planned for 6.10. Quote Link to comment
L0rdRaiden Posted April 10, 2022 Share Posted April 10, 2022 On 1/28/2022 at 4:49 AM, dlandon said: Security settings are planned for 6.10. will this be included as the new default settings? or the settings will be visible from webui? Quote Link to comment
dlandon Posted April 10, 2022 Share Posted April 10, 2022 2 minutes ago, L0rdRaiden said: will this be included as the new default settings? or the settings will be visible from webui? In order to support legacy devices using SMB2 and connecting to Unraid shares. the implementation of these security settings will have to be configurable. Because of the desire to get 6.10 released, it is being held up for now. For the time being, you can put those settings with a [global] tag in smb-extra.conf. Quote Link to comment
L0rdRaiden Posted April 10, 2022 Share Posted April 10, 2022 3 minutes ago, dlandon said: In order to support legacy devices using SMB2 and connecting to Unraid shares. the implementation of these security settings will have to be configurable. Because of the desire to get 6.10 released, it is being held up for now. For the time being, you can put those settings with a [global] tag in smb-extra.conf. right now it's like this, so it's wrong? Do you mean that I have to add [global] in my config? like [global] server min protocol = SMB3_11 client ipc min protocol = SMB3_11 client signing = mandatory server.... Quote Link to comment
dlandon Posted April 10, 2022 Share Posted April 10, 2022 35 minutes ago, L0rdRaiden said: right now it's like this, so it's wrong? Do you mean that I have to add [global] in my config? like [global] server min protocol = SMB3_11 client ipc min protocol = SMB3_11 client signing = mandatory server.... It probably works, but you should not assume [global]. Add the [global] tag ahead of your settings. 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.