Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 5 subscribers
  • Views 13885 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SMB version

rsenio

Any plans to update the SMB version on the UTM to something other than v1? In light of the latest ransomware one of the things Microsoft recommends is disabling SMBv1, but doing that breaks all SSO auth to Active Directory on the UTM



This thread was automatically locked due to age.
Parents
  • 0

    If you look at the SAMBA configuration file in the UTM, you will notice this:

     

    client use spnego = yes

    client NTLMv2 auth = no

     

    There is no way that I know to make the system use NTLMv2.  This file maintained by the middle ware, i think, so there is no tinkering with it.

     

    Furthermore, a conversation with level 2 support engineer today:

    Us: if you can only authenticate and have directory intergration with SMBv1, what happens with SMBv2 or SMBv3 packets

    Leve2 Tech: they are all blocked by the default packetfilter rules.

Reply
  • 0

    If you look at the SAMBA configuration file in the UTM, you will notice this:

     

    client use spnego = yes

    client NTLMv2 auth = no

     

    There is no way that I know to make the system use NTLMv2.  This file maintained by the middle ware, i think, so there is no tinkering with it.

     

    Furthermore, a conversation with level 2 support engineer today:

    Us: if you can only authenticate and have directory intergration with SMBv1, what happens with SMBv2 or SMBv3 packets

    Leve2 Tech: they are all blocked by the default packetfilter rules.

Children
No Data