Frequently Asked Question
Setting SMB Versions in Samba Server
How to set the minimum and maximum SMB protocol versions in smb.conf
Samba’s smb.conf file controls which SMB (Server Message Block) dialects the server will speak. From Samba 4.5 onward the old options min protocol and max protocol have been superseded by the more explicit client/server min/max protocol settings.
Below is a step‑by‑step guide that works on a typical UK‑based Ubuntu/Debian or RHEL/CentOS installation.
1. Locate the configuration file
/etc/samba/smb.conf
Tip – Keep a backup before editing: ``bash sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.bak ``
2. Choose the appropriate directives
| Directive | Scope | What it does | Typical values |
|---|---|---|---|
server min protocol |
Server side (when acting as a file share) | Lowest SMB version the server will accept from clients | SMB2, SMB202, SMB210, SMB3 |
server max protocol |
Server side | Highest SMB version the server will offer to clients | SMB2, SMB202, SMB210, SMB3, SMB3_11 |
client min protocol |
Client side (when Samba contacts another server) | Lowest SMB version the Samba client will use | Same values as above |
client max protocol |
Client side | Highest SMB version the Samba client will use | Same values as above |
Why set both? -server …protects the files you expose – you can disable the insecure SMB1. -client …protects any outbound connections Samba makes (e.g. to a Windows DFS or a backup target).
3. Edit smb.conf
Open the file with your favourite editor, e.g.:
sudo nano /etc/samba/smb.conf
Add (or modify) the lines in the global section:
[global]
# ----- Server side -----
server min protocol = SMB2 # reject SMB1 (CIFS)
server max protocol = SMB3_11 # use the latest SMB3 version you support
# ----- Client side -----
client min protocol = SMB2
client max protocol = SMB3_11
If you only need to control the server side, you can omit the client lines.
4. Test the new settings (optional but recommended)
4.1 Check syntax
testparm -s
If there are no errors, you’ll see the values you just added under [global].
4.2 Verify the protocol offered to a client
From a Linux client (or the same host) run:
smbclient -L //localhost -U <username> -m SMB2
Replace SMB2 with SMB3 to see if the higher version is accepted. A successful connection proves the server will negotiate at least that version.
4.3 Query from a Windows machine
Open PowerShell on a Windows PC and run:
Get-SmbConnection -ServerName <samba-host>
The Dialect column shows the negotiated version.
5. Apply the changes
Restart the Samba services so the new protocol limits take effect:
# On systemd‑based systems (Ubuntu 16.04+, Debian 9+, RHEL 7+)
sudo systemctl restart smbd nmbd
# On older SysV init systems
sudo service smbd restart
sudo service nmbd restart
6. Common pitfalls & troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
| Windows client can’t map the share, error “The network path was not found.” | Client is still trying SMB1 (often seen on very old Windows 7 machines). | Ensure the Windows client is set to use at least SMB2, or temporarily lower server min protocol to SMB2. |
smbclient fails with “Protocol negotiation failed” when using -m SMB3 |
Samba version compiled without SMB3 support (rare on modern releases). | Upgrade Samba to a version ≥ 4.5, or set server max protocol to SMB2. |
After changing the values, testparm reports “Unknown parameter ‘server min protocol’”. |
Samba version is older than 4.5. | Use the legacy options: min protocol = SMB2 and max protocol = SMB3. |
| Clients can still connect with SMB1 despite the setting | There is a per‑share override (protocol = NT1) somewhere in the file. |
Remove any protocol = lines or set them to SMB2/SMB3. |
7. Quick reference cheat‑sheet
[global]
# Server side (what we offer)
server min protocol = SMB2 # disable insecure SMB1
server max protocol = SMB3_11 # latest stable SMB3 dialect
# Client side (what we use when we connect out)
client min protocol = SMB2
client max protocol = SMB3_11
If you only need to disable SMB1, the two‑line minimum is sufficient:
[global]
server min protocol = SMB2
Bottom line
Setting server min/max protocol (and optionally the client equivalents) in smb.conf lets you harden your Samba server against the outdated and insecure SMB1 protocol while still supporting the modern SMB2/SMB3 dialects used by Windows 10/11 and recent Linux clients. Follow the steps above, test the change, and restart the services – you’ll be up‑to‑date and more secure in minutes.
