SMB1 Protocol Officially Removed from Samba

By

As of the latest iteration of the Samba suite of tools, the original (and obsolete) SMB1 protocol has been removed and a few new features added.

Not that this will affect any current Samba admins across the globe, but the developers of the file-sharing protocol have finally removed the obsolete SMB1 protocol from the stack with the 4.16 release.

Along with the removal of that deprecated protocol, a few noteworthy features have been added. First off, the new samba-dcerpcd binary has been created to make it easier for admins to separate the DCERPC (Distributed Computing Environment/Remote Procedure Calls, which is used for calling a procedure on a remote machine as though it were local) service from smbd. In order to enable this feature, rpc start on demand helpers =  should be set to true (which is the default).

Samba 4.16 also includes the ability to add ports to DNS forwarder addresses within the DNS backend. 

Also, the Heimdal Kerberos implementation has been updated and adds important new Kerberos security features (such as Kerberos request armoring, known as FAST). This new implementation tunnels ticket requests and replies that are encrypted with weak passwords inside a wrapper built with a stronger password.

Another addition is the per-KDC (as opposed to the per-realm) 'cookie' used to secure part of the FAST protocol. 

For more information on Samba 4.16, make sure to check out the official release notes.

03/28/2022

Related content

comments powered by Disqus