[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] slirp: samba, set 'server min protocol' to NT1
From: |
Jiri Slaby |
Subject: |
Re: [PATCH] slirp: samba, set 'server min protocol' to NT1 |
Date: |
Tue, 25 Feb 2020 12:13:23 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.2 |
On 25. 02. 20, 11:43, Daniel P. Berrangé wrote:
> On Tue, Feb 25, 2020 at 11:27:58AM +0100, Jiri Slaby wrote:
>> Samba changed the default of server min protocol from LANMAN1 (very old
>> protocol) to SMB2_02 (only Vista and newer) in commit 840b8501b436
>> (docs-xml: change "server min protocol" to SMB2_02).
>>
>> WXP guests cannot use the samba shares since then as it uses a protocol
>> newer than LANMAN1, but older than SMB2_02: NT1 protocol. So set 'server
>> min protocol' in the samba config used in qemu to NT1. This restores
>> support for WinNT and newer (WXP including).
>>
>> Signed-off-by: Jiri Slaby <address@hidden>
>> ---
>> net/slirp.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/net/slirp.c b/net/slirp.c
>> index c4334ee876c7..b3bc4a2bded7 100644
>> --- a/net/slirp.c
>> +++ b/net/slirp.c
>> @@ -887,6 +887,7 @@ static int slirp_smb(SlirpState* s, const char
>> *exported_dir,
>> "printing = bsd\n"
>> "disable spoolss = yes\n"
>> "usershare max shares = 0\n"
>> + "server min protocol = NT1\n"
>> "[qemu]\n"
>> "path=%s\n"
>> "read only=no\n"
>
> IIUC, the older protocol version has a number of downsides, both security
> and performance related, which is why Samba has removed it from the
> default config.
Sure, but is it that relevant for a VM? I mean, it's "min" protocol,
newer Win will negotiate the latest.
> Do we really want to revert this defaults change that
> Samba maintainers made, in order to cope with a guest OS which was
> end-of-life 11 years ago ? It feels questionable to me.
It's 6 years, Vista is 3. (The current default still allows Vista.)
> Maybe QEMU's command line needs to include an option to set the min
> protocol version, so that we don't need to hardcode this obsolete protocol
> version in the source.
That would be great. Though I have no idea how to add one :). Something
like "-net user,smb=/home/smb,smbminproto=NT1" would be perfect by me.
thanks,
--
js
suse labs