I am a new Linux user and for security reasons and to avoid ransomware, I would like to disable the SMB1 protocol in samba configuration on a CentOS Linux version 7 server. Is it possible to disable SMBv1 on a Linux or UNIX-like operating system?

Tutorial details
Difficulty level Easy
Root privileges Yes
Requirements Samba on Linux or Unix-like OS
Est. reading time 3 minutes
Introduction: WannaCrypt/WannaCry targets the Microsoft Windows operating system. The attack spreads by phishing emails but also uses the EternalBlue exploit and DoublePulsar backdoor developed by the U.S. National Security Agency (NSA). If you are using older and unsupported operating systems such as Windows XP and Windows Server 2003, you will get infected. All of your files will be encrypted. To get back your files, you need to pay ransom payments in the cryptocurrency Bitcoin. Microsoft has released software updates for Windows XP and Windows Server 2003. You must apply those patches ASAP on Windows operating systems. In short Linux/Unix users are not affected by this attack. However, you must disable SMBv1 on Samba server running on Linux or Unix-like system.

Configure Samba to use SMBv2 and disable SMBv1 on Linux or Unix

Let us see how to disable SMBv1 on a Linux or Unix like systems.

Disable SMBv1 on Linux or Unix when using Samba

Samba is an open-source implementation of the SMB or CIFS protocol, which allows PC-compatible machines (especially Windows oese) to share files, printers, and other information with Linux and vice-versa.

Configuration to enable SMBv2

Edit smb.conf file, run:
$ sudo vi /etc/samba/smb.conf
Find the [global] section and append the following line:
min protocol = SMB2
Here is my updated file:

Configure Samba to use SMBv2 and disable SMBv1 on Linux or Unix

Fig.01: How to force SMB2 protocol in samba on Linux or Unix

The following seems to work with Windows 10/Linux clients too as noted by many in the comments section below:
protocol = SMB2
For samba version 4.x, you can set
protocol = SMB3
Save and close the file.

Understanding min and max protocol levels in smb.conf

  1. client min protocol – This setting controls the minimum protocol version that the client will attempt to use.
  2. client max protocol – The value of the parameter (a string) is the highest protocol level that will be supported by the client.
  3. SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available:
    • SMB2_02: The earliest SMB2 version.
    • SMB2_10: Windows 7 SMB2 version. (By default SMB2 selects the SMB2_10 variant.)
    • SMB2_22: Early Windows 8 SMB2 version.
    • SMB2_24: Windows 8 beta SMB2 version.
  4. SMB3: The same as SMB2. Used by Windows 8. SMB3 has sub protocols available. SMB3 has sub protocols available:
    • SMB3_00: Windows 8 SMB3 version. (mostly the same as SMB2_24)
    • SMB3_02: Windows 8.1 SMB3 version.
    • SMB3_10: early Windows 10 technical preview SMB3 version.
    • SMB3_11: Windows 10 technical preview SMB3 version (maybe final). By default SMB3 selects the SMB3_11 variant.

Hence setting the following gives best option:

   client min protocol = SMB2
   client max protocol = SMB3

See smb.conf here for more information.

Restart the samba server

Run the following command on CentOS 7/RHEL 7/Fedora Linux:
$ sudo systemctl restart smb.service
Run the following command on Debian 8.x/Ubuntu 16.04 LTS Linux:
$ sudo systemctl restart smbd.service

NOTE: Please note that Samba version 4.11 removes SMB1 protocol version by default. However, on an older Linux and Unix distro you need to disable it manually to avoid security issues.


And there you have it, SMBv1 disabled on a Linux or Unix samba server to avoid security issues. Please read our comment section below for detailed discussion.

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 22 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersncdu pydf
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
22 comments… add one
  • Brian May 18, 2017 @ 13:04

    man smb.conf:
    SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available.

    You will prevent Windows 7 machines from connecting..

  • Epy May 18, 2017 @ 14:47

    Thanks for this, it seems to create problems with Windows 10 clients:
    [2017/05/18] smbd/negprot.c:694(reply_negprot)
    No protocol supported !
    We use port 139, this may be the problem or the old samba version we have. I have to check further
    I had to revert this and can’t find another solution for the moment. (Still searching)

  • JH P. May 18, 2017 @ 15:37

    I followed this, however, there’s a problem.

    I have a samba server. I added the line on the smb.conf file.
    After that, I could connect the server from Windows 10 machine, but not from Ubuntu(16.04/17.04) file manager and Android(using Total commander) machines.

    It works find without “min protocol = SMB2”.
    Any help?

  • Troels Arvin May 18, 2017 @ 20:29

    I’ve found the following to work. It raises the bar i little extra, but so far, no complaints have been heard (SMB2_10 should be fine, unless you have Windows XP or older clients).

    The client stuff is to make smbclient (if you use that) skip SMB 1 in negotiations. The client max protocol may appear weird, but if it’s not included, then its value will defaul to something lower than 2.1, and then it will conflict with “client min protocol = SMB2_10”.

    server min protocol = SMB2_10
    client max protocol = SMB3
    client min protocol = SMB2_10

  • Silviu May 18, 2017 @ 21:34

    After appending “min protocol = SMB2” in global section on my smb.conf server, I no longer connect from my linux laptop. Error displayed: “Error: Connection timed out. Please select another viewer and try again.” in my caja file manager.
    Am using Linux Mint 18.1 Mate as client, with Ubuntu 14.04.5 as server using samba 4.3.11.
    Same error for setting “min protocol = SMB3”.

  • Mojo Jojo May 18, 2017 @ 21:52

    Couple things:

    1) Kaspersky and Symantec have indicated that WannaCry can spread via SMBv2 as well:


    2) SMBv2 has consequences — there aren’t POSIX/Unix Extensions for it, so it may not be suitable depending on what clients use your Samba server.

  • Michael May 20, 2017 @ 18:22

    Depending on your needs, this is easy and did the trick for my network:
    protocol = SMB3

    • Michael May 20, 2017 @ 18:23

      Ugh, nevermind, that just sets the max protocol.

  • Goldie Lin May 22, 2017 @ 3:14

    You saved my life!
    Thanks so much…

  • Nik May 29, 2017 @ 18:17

    How to do it for nethserver 6.9?

  • Anouke Jun 16, 2017 @ 9:19

    min protocol = SMB2
    smbclient -U=username -N –command=”dir Directory/*” //

    protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE

    • Stefan Jul 22, 2017 @ 12:17


      protocol = SMB2

      Worked for me with Windows 10 and linux client

  • Anouke Jun 16, 2017 @ 9:21

    Sorry for dual posting, but i will not change the server settings. Can i use smbclient with SMB2?
    thank you!

  • Andrey Oliveira Aug 18, 2017 @ 17:19

    For all those who had problems with SMB2 in Vista clients and above: the kernel version included in your system may contains an older cifs.ko kernel module that only supports SMB1 protocol. SMB2 (and later) protocols require a later cifs.ko and thus a later kernel. Try update kernel to support for SMB2 protocol in the cifs.ko kernel module and so can act as a SMB2 client.

    • Andrey Oliveira Aug 18, 2017 @ 17:20

      cifs.ko kernel module and so can act as a SMB2 server.

    • Andrey Oliveira Aug 18, 2017 @ 17:40

      Sorry, my text was confusing and incomplete. Please remove it so I can include a better text.

  • Feytullah Ede Aug 21, 2017 @ 14:21

    On RHEL6/RHEL7 system,
    default: max protocol = NT1 (SMB1)

    So “min protocol = SMB2” can be over max protocol? or which one is higher priority?

    I tested on RHEL6 system (samba server 3.6). One of the windows client was unable to connect to samba server on linux. SMB1 was disabled on windows server because of security concerns like wannacry. And “max protocol” was not set explicitly on samba server. So “max protocol” was NT1(SMB1) as default.
    I set “min protocol = SMB2” on samba server but client couldn’t negotiate with server on protocol (smbd[…]: No protocol supported !)

    Finally we solved the problem by setting “max protocol = SMB2”

    Note: SMB3 protocol is supported by samba server over 4.x

  • Bad Bad Pants Sep 19, 2017 @ 21:30

    This seems to work and prevent the security scanner from barking on SMBv1 support

    in smb.conf:

    server min protocol = SMB2_10
    client min protocol = SMB2
    client max protocol = SMB3

  • steflp Nov 27, 2017 @ 16:29

    I m trying to print from linux to windows Printer ( in Win10 version 1709) with samba protocol without using smbv1 activated ..

    My Windows is used in administrator user

    Can you help me ?

    I’m tryning several things with client /server protocol but dont work ;-(

    Thanks best regards….


  • rhel-guy Dec 4, 2017 @ 20:19

    Stefan’s reply is what fixed months of a headache for me


    protocol = SMB2

    to /etc/samba/smb.conf
    service smb restart; service winbind restart
    (RHEL 6 server)

    Fixed it’s connection to a hardened 2012 Server as well as a hardened Windows 10 Computer. I’m testing a RHEL6 client now!

  • rzuidhof Sep 10, 2020 @ 11:41

    When using IPA server the smb.conf contains config backend = registry so any changes to smb.conf will be ignored. You can view the current settings with net conf list and remove SMBv1 with net conf setparm global “server min protocol” SMB2

  • Fran Hdez Apr 13, 2021 @ 10:41

    I had just performed a Samba server fresh install on Ubuntu 12.04 LTS. Samba version is 3.6.25, according to $smbstatus.
    By default, any host connected is detecting SMB v1. The only way I found to be able to run SMB v2 on the server is adding the following line to the config file:
    protocol = SMB2

    Finally, it can be checked by running $testparm that this is the same than writing
    max protocol = SMB2

    Thanks to all for your help.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum