How to Fix "Weak Crypto is Allowed" in Samba

The "Weak crypto is allowed" message from testparm in Samba is a known issue. It often appears due to internal checks related to cryptographic methods and does not necessarily indicate a significant security flaw in your configuration.

To strengthen Samba's security, require SMB3 and restrict the authentication methods it accepts:

1. Open the Samba configuration file, usually located at `/etc/samba/smb.conf`, with a text editor. Use a command like `sudo nano /etc/samba/smb.conf`.

2. Inside the `smb.conf` file, find the `[global]` section, where you can configure global settings for Samba.

3. Add or modify the following lines in the `[global]` section:

   server min protocol = SMB3
   server max protocol = SMB3
   ntlm auth = ntlmv2-only

This configures Samba to use the secure SMB3 protocol and enforces NTLMv2 authentication, enhancing security.

4. Save the changes and exit the text editor.

5. Restart the Samba service to apply the new configuration. Use a command like `sudo systemctl restart smbd` (the command may vary depending on your Linux distribution).
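
To confirm the edit from step 3 landed in `[global]` and not in a share section, the following added example (not part of the original page or of Samba itself) checks an `smb.conf` against the three values above. The function name `check_smb_global` and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check [global] in an smb.conf against the values from step 3.
# Per smb.conf(5), names are case-insensitive and whitespace inside them is
# ignored; lines starting with ';' or '#' are comments.
check_smb_global() {
    awk '
    function norm(s) { gsub(/[ \t]+/, "", s); return tolower(s) }
    function expect(name, value) { want[norm(name)] = value; label[norm(name)] = name }
    BEGIN {
        expect("server min protocol", "smb3")
        expect("server max protocol", "smb3")
        expect("ntlm auth", "ntlmv2-only")
    }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }
    /^[ \t]*\[/ {
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        in_global = (norm(sec) == "global"); next
    }
    in_global {
        eq = index($0, "=")              # only the first "=" is significant
        if (eq == 0) next
        key = norm(substr($0, 1, eq - 1))
        val = substr($0, eq + 1)
        sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
        if (key in want) got[key] = tolower(val)
    }
    END {
        bad = 0
        for (k in want) {
            if (!(k in got)) { printf "MISSING  %s (want %s)\n", label[k], want[k]; bad = 1 }
            else if (got[k] != want[k]) { printf "MISMATCH %s = %s (want %s)\n", label[k], got[k], want[k]; bad = 1 }
        }
        exit bad
    }' "$1"
}

# Constructed sample, not a real server's config: SMB1 (NT1) is still permitted.
sample=$(mktemp)
printf '%s\n' '[global]' '  server min protocol = NT1' \
    '  Server Max Protocol = SMB3' '  ntlm auth = ntlmv2-only' > "$sample"
check_smb_global "$sample" || echo "smb.conf does not match step 3"
rm -f "$sample"
```

The function only reads the file it is given, so settings pulled in from other files are not seen; run it as `check_smb_global /etc/samba/smb.conf` after step 4 and before restarting the service.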

Updated by Gareth Eaton 5 months ago · 8 revisions