Project

General

Profile

Actions

How to Fix "Weak Crypto is Allowed" in Samba » History » Revision 2

« Previous | Revision 2/8 (diff) | Next »
Gareth Eaton, 12/18/2023 12:13 AM


How to Fix "Weak Crypto is Allowed" in Samba

Certainly! Here's a simplified version for your help wiki:

How to Fix "Weak Crypto is Allowed" in Samba

If you see the message "Weak crypto is allowed" when running `testparm` for your Samba server, it means that your server is using weak cryptographic settings, which can be a security risk. To fix this issue, follow these steps:

1. Open the Samba configuration file, usually located at `/etc/samba/smb.conf`, with a text editor. Use a command like `sudo nano /etc/samba/smb.conf`.

2. Inside the `smb.conf` file, find the `[global]` section , where you can configure global settings for Samba.

3. Add or modify the following lines in the `[global]` section:

   server min protocol = SMB3_02
   server max protocol = SMB3_02
   ntlm auth = yes
   lanman auth = no

These settings ensure that Samba uses a secure protocol (SMB3.02) and enables NTLM authentication while disabling weaker LANMAN authentication.

4. Save the changes and exit the text editor.

5. Restart the Samba service to apply the new configuration. Use a command like `sudo systemctl restart smbd` (command may vary depending on your Linux distribution).

6. Run the `testparm` command again to verify that the "Weak crypto is allowed" message is no longer displayed.

By following these steps, you'll improve the security of your Samba server by disabling weak cryptographic algorithms.

Updated by Gareth Eaton about 1 year ago · 2 revisions