May 18, 2018

Force secure SMB connection

With the recent vulnerabilities in the SMB protocol and clients, I like to force the Linux Samba server to only work with secure versions.
Edit the samba config:
sudo nano /etc/smb.conf
Some information online will use the min protocol= option, however this breaks remote mounting in some clients, instead remove min protocol and add under [Global]:

protocol = smb3 #win8/2016 or higher clients

NOTE: This will disable communication with Windows 7 and earlier