Bug 14273 - Keep SMB1 support for old DOS applications
Summary: Keep SMB1 support for old DOS applications
Status: REOPENED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.11.6
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
: 14197 (view as bug list)
Depends on:
Blocks:
 
Reported: 2020-02-09 16:00 UTC by Gerhard Wiesinger
Modified: 2020-09-23 16:01 UTC (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Gerhard Wiesinger 2020-02-09 16:00:53 UTC
According to the release notes of Samba 4.11(https://www.samba.org/samba/history/samba-4.11.0.html) there is a strong requirement to keep SMB1 support for old DOS application and LANMAN compatibility.

Necessary settings to keep it running:

lanman auth = yes
encrypt passwords = yes
server min protocol = LANMAN1
client min protocol = LANMAN1

So please keep the SMB1 support to support DOS LANMAN clients. 

Thank you.
Comment 1 Jeremy Allison 2020-02-09 17:57:43 UTC
Eventually the SMB1 server code inside Samba is going to have to be removed if we want to make progress on the SMB2+ interfaces.

At that point we will freeze a version of Samba that you will be able to use with SMB1 for old DOS applications.
Comment 2 Jeremy Allison 2020-02-09 17:57:43 UTC
Eventually the SMB1 server code inside Samba is going to have to be removed if we want to make progress on the SMB2+ interfaces.

At that point we will freeze a version of Samba that you will be able to use with SMB1 for old DOS applications.
Comment 3 Björn Jacke 2020-02-09 18:18:41 UTC
*** Bug 14197 has been marked as a duplicate of this bug. ***
Comment 4 Bill 2020-09-23 13:54:06 UTC
I have a couple decades experience working in the semiconductor industry, specifically with the equipment inside the factory. In my experience, the smaller factories tend to have older equipment. The last place I worked had computer controlled sinks running windows 3.11 up until about 10 years ago. Because of this, SMB1 support is important, especially on the client side.

One might ask: why not upgrade those computers? There are a few issues with upgrading computers on equipment:

1) Equipment is expensive. It is not easy to convince the finance folks to spend money on equipment that works perfectly fine other than we potentially might not be able to get to the file shares.

2) Upgrading the computer may not be possible. The software running on a piece of equipment may have older windows specific drivers, or hardware requirements. Often, the equipment manufacturer has gone out of business. If they have not, it gets back to the cost issue if there is even an upgrade path.

3) Changing equipment is difficult. Even when there is an upgraded piece of equipment available, the newer one has to be qualified, often times it involves working with customers to also qualify the products made with the new (different) equipment. It can take months, if it is even possible at all.

These computers are behind mini firewalls on the internal network, and allow access from only specific computers. Not the optimal solution, but the best we can do in the circumstances. My preferred OS for fetching data from these computers is Linux, so the SMB1 client support is important to me for that reason.

Thanks to everyone for samba. And thank you for your time and consideration to my request.
Comment 5 Jeremy Allison 2020-09-23 16:01:23 UTC
Please note that as Samba is Free/Libre Open Source Software no one can take old versions away from you. They will work as they always have.

However, eventually for code maintenance health reasons we are going to have to remove the SMB1 server code from our code-base.

When we do this, we will probably offer a longer period of security support for the version that is "frozen" with  the last SMB1 server inside.

I'm also pretty sure that commercial entities will offer paid support for this "last" version as long as people are willing to pay them to support it.

So the future for older equipment stuck on SMB1 is not as bleak as it looks.

The code of the last Samba SMB1 server will certainly last physically longer than any old equipment still running SMB1 :-).