Answers:
My testing with Nessus shows that SMBv1 is disabled only when setting
min protocol = SMB2
in the [global] section of smb.conf. Core, LANMAN2 and NT1 are still flagged as vulnerable.
min protocol is a synonym for server min protocol (samba.org/samba/docs/man/manpages-3/…). There is also client min protocol, which can help the client avoid using SMB1 if the server still supports SMB1.
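I had to add this to get it working on an old Ubuntu 12 server; either one of the min/max pairs on its own left SMBv1 enabled, but using both of them together works.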
[global]
min protocol = SMB2
max protocol = SMB2
client min protocol = SMB2
client max protocol = SMB2
Although I'm not sure where SMB1 sits (my guess is CORE), this is the order of the protocols in "man smb.conf".
max protocol (G)
The value of the parameter (a string) is the highest protocol level that will be supported by the server.
Possible values are :
· CORE: Earliest version. No concept of user names.
· COREPLUS: Slight improvements on CORE for efficiency.
· LANMAN1: First modern version of the protocol. Long filename support.
· LANMAN2: Updates to Lanman1 protocol.
· NT1: Current up to date version of the protocol. Used by Windows NT. Known as CIFS.
· SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and newer.
min protocol (G)
The value of the parameter (a string) is the lowest SMB protocol dialect than Samba will support. Please refer to the max
protocol parameter for a list of valid protocol names and a brief description of each. You may also wish to refer to the C
source code in source/smbd/negprot.c for a listing of known protocol dialects supported by clients.
If you are viewing this parameter as a security measure, you should also refer to the lanman auth parameter. Otherwise, you
should never need to change this parameter.
Default: min protocol = CORE
Example: min protocol = NT1
smb.conf is in /etc/samba/ on Ubuntu 12.
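An added example, not taken from any of the answers: a small audit of the [global] section of an smb.conf that reports, for the server and client side separately, whether the minimum dialect keeps SMB1-era protocols out. It assumes the dialect list and order from the man page excerpt quoted above, and treats `server max protocol` as the long form of `max protocol` by analogy with the synonym mentioned above; the function names are hypothetical.

```python
# Dialect order as listed under "max protocol" in the man page quoted above;
# everything below SMB2 is an SMB1-era dialect. Newer names are not covered.
DIALECTS = ["CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1", "SMB2"]
SMB2 = DIALECTS.index("SMB2")
# Parameter names per side; "server max protocol" is assumed by analogy.
SIDES = {"server": (("server min protocol", "min protocol"),
                    ("server max protocol", "max protocol")),
         "client": (("client min protocol",), ("client max protocol",))}

def parse_global(text):
    """Return the [global] parameters as {normalised name: upper-case value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip().upper()
    return params

def level(params, names):
    """Index in DIALECTS of the first listed name that is set, else None."""
    for name in names:
        if name in params:
            return DIALECTS.index(params[name])  # ValueError if not in the list
    return None

def audit(text):
    """Classify each side as 'excluded', 'allowed', 'unset' or 'invalid'."""
    params, report = parse_global(text), {}
    for side, (min_names, max_names) in SIDES.items():
        lo, hi = level(params, min_names), level(params, max_names)
        if lo is None:
            report[side] = "unset"     # the file pins no minimum dialect
        elif hi is not None and hi < lo:
            report[side] = "invalid"   # max protocol is below min protocol
        elif lo < SMB2:
            report[side] = "allowed"   # SMB1-era dialects can be negotiated
        else:
            report[side] = "excluded"  # minimum is SMB2
    return report

# Constructed sample: the [global] block from the second answer above.
SAMPLE = ("[global]\n  min protocol = SMB2\n  max protocol = SMB2\n"
          "  client min protocol = SMB2\n  client max protocol = SMB2\n")

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A server side reported as "unset" falls back to the default, which the quoted man page gives as min protocol = CORE.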