According to the release notes of Samba 4.11(https://www.samba.org/samba/history/samba-4.11.0.html) there is a strong requirement to keep SMB1 support for old DOS application and LANMAN compatibility. Necessary settings to keep it running: lanman auth = yes encrypt passwords = yes server min protocol = LANMAN1 client min protocol = LANMAN1 So please keep the SMB1 support to support DOS LANMAN clients. Thank you.
Eventually the SMB1 server code inside Samba is going to have to be removed if we want to make progress on the SMB2+ interfaces. At that point we will freeze a version of Samba that you will be able to use with SMB1 for old DOS applications.
*** Bug 14197 has been marked as a duplicate of this bug. ***
I have a couple decades experience working in the semiconductor industry, specifically with the equipment inside the factory. In my experience, the smaller factories tend to have older equipment. The last place I worked had computer controlled sinks running windows 3.11 up until about 10 years ago. Because of this, SMB1 support is important, especially on the client side. One might ask: why not upgrade those computers? There are a few issues with upgrading computers on equipment: 1) Equipment is expensive. It is not easy to convince the finance folks to spend money on equipment that works perfectly fine other than we potentially might not be able to get to the file shares. 2) Upgrading the computer may not be possible. The software running on a piece of equipment may have older windows specific drivers, or hardware requirements. Often, the equipment manufacturer has gone out of business. If they have not, it gets back to the cost issue if there is even an upgrade path. 3) Changing equipment is difficult. Even when there is an upgraded piece of equipment available, the newer one has to be qualified, often times it involves working with customers to also qualify the products made with the new (different) equipment. It can take months, if it is even possible at all. These computers are behind mini firewalls on the internal network, and allow access from only specific computers. Not the optimal solution, but the best we can do in the circumstances. My preferred OS for fetching data from these computers is Linux, so the SMB1 client support is important to me for that reason. Thanks to everyone for samba. And thank you for your time and consideration to my request.
Please note that as Samba is Free/Libre Open Source Software no one can take old versions away from you. They will work as they always have. However, eventually for code maintenance health reasons we are going to have to remove the SMB1 server code from our code-base. When we do this, we will probably offer a longer period of security support for the version that is "frozen" with the last SMB1 server inside. I'm also pretty sure that commercial entities will offer paid support for this "last" version as long as people are willing to pay them to support it. So the future for older equipment stuck on SMB1 is not as bleak as it looks. The code of the last Samba SMB1 server will certainly last physically longer than any old equipment still running SMB1 :-).
We need continued support in Samba for 'server min protocol = LANMAN2'. This is required for our legacy (VM-based) Microsoft DOS clients (using DOS-based Microsoft Networking Client), which can only use SMBv1. The critical program runs in (compiled or interpreted) VB-DOS, this can work in 32-bit Windows (via NTVDM) but not in 64-bit Windows, so for 64-bit machines (which in due course will be all machines) we must use a VM (currently Virtual Box). It works great but this old Microsoft networking only supports SMBv1. In practice we have to force LANMAN2 (via 'server min protocol = LANMAN2') to avoid problems. Please do not remove server support for SMBv1 (LANMAN2), it will cause us big problems. Thank you.
(In reply to Dominic Ferard from comment #6) Please read https://bugzilla.samba.org/show_bug.cgi?id=14273#c5.