From 986ad0b5dbbb7b1eaa0c8b2dab2370afb6d34e52 Mon Sep 17 00:00:00 2001 From: David Kocher Date: Sun, 9 Feb 2025 20:50:23 +0100 Subject: [PATCH] Reference insecure connection profile. --- protocols/smb.md | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/protocols/smb.md b/protocols/smb.md index a561016c..71d1ff01 100644 --- a/protocols/smb.md +++ b/protocols/smb.md @@ -11,14 +11,16 @@ SMB :local: ::: -> [SMB (Server Message Block)](https://en.wikipedia.org/wiki/Server_Message_Block) is used to access Windows File Shares or a Samba Linux Server. +> [SMB (Server Message Block)](https://en.wikipedia.org/wiki/Server_Message_Block) is used to access Windows File Shares +> or a Samba Linux Server. ## Connecting :::{important} + * Cyberduck [8.7.0](https://cyberduck.io/changelog/) or later required * Mountain Duck 5.0.0 required (not yet available) -::: + ::: To connect to a SMB server, choose _SMB (Server Message Block)_. @@ -29,17 +31,22 @@ To connect to a SMB server, choose _SMB (Server Message Block)_. ### Authentication -Username and password must be provided for authentication using NTLM. The optional domain name defaults to `WORKGROUP` and can be customized as part of the username in the format `REALM\username` in the _Username_ input field when adding a bookmark. Depending on the server setup, this can be +Username and password must be provided for authentication using NTLM. The optional domain name defaults to `WORKGROUP` +and can be customized as part of the username in the format `REALM\username` in the _Username_ input field when adding a +bookmark. Depending on the server setup, this can be + - `COMPUTERNAME\username` - `NETBIOSDOMAINNAME\username` The default domain can be set using the [hidden configuration option](../tutorials/hidden_properties.md) - + smb.domain.default=WORKGROUP ### Share Name -To connect to a specific share, you can configure a _Path_ in the bookmark. When omitted an attempt is made to list all available shares from the server. On failure retrieving share names from the server, a prompt is displayed to enter the share name when connecting. +To connect to a specific share, you can configure a _Path_ in the bookmark. When omitted an attempt is made to list all +available shares from the server. On failure retrieving share names from the server, a prompt is displayed to enter the +share name when connecting. :::{image} _images/SMB_Share.png :alt: SMB Share Input @@ -49,12 +56,20 @@ To connect to a specific share, you can configure a _Path_ in the bookmark. When ### Interoperability SMB protocol support has been tested with connections to the following server implementations + - Windows 2016 Server (`SMB_3_1_1` dialect) - Windows 2022 Server (`SMB_3_1_1` dialect) - Linux Samba (`SMB_3_1_1` dialect) - macOS 13.5 (22G74) (`SMB_3_0_2` dialect) - SMB [Azure file shares](https://learn.microsoft.com/en-us/azure/storage/files/files-smb-protocol) +### Encryption + +By default, SMB connections are secured by signing and encrypting requests when supported by the server using SMBv3. +Alternatively, use the connection profile with support for signing and encryption disabled. + +- {download}Install the *SMB (No Encryption) connection profile* from *Preferences… → Profiles*. + ### Cyberduck CLI You can list shares with [Cyberduck CLI](https://duck.sh/) using