client max protocol (G)
The value of the parameter (a string) is the highest protocol level that will be supported by the client.
Possible values are :
[*]CORE: Earliest version. No concept of user names.
[*]COREPLUS: Slight improvements on CORE for efficiency.
[*]LANMAN1: First modern version of the protocol. Long filename support.
[*]LANMAN2: Updates to Lanman1 protocol.
[*]NT1: Current up to date version of the protocol. Used by Windows NT. Known as CIFS.
[*]SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available.
[*]SMB2_02: The earliest SMB2 version.
[*]SMB2_10: Windows 7 SMB2 version.
[*]SMB2_22: Early Windows 8 SMB2 version.
[*]SMB2_24: Windows 8 beta SMB2 version.
By default SMB2 selects the SMB2_10 variant.
[*]SMB3: The same as SMB2. Used by Windows 8. SMB3 has sub protocols available.
- SMB3_00: Windows 8 SMB3 version. (mostly the same as SMB2_24)
By default SMB3 selects the SMB3_00 variant.
Normally this option should not be set as the automatic negotiation phase in the SMB protocol takes care of choosing the appropriate protocol.
Default: client max protocol = SMB3
Example: client max protocol = LANMAN1
client min protocol (G)
This setting controls the minimum protocol version that the client will attempt to use.
Normally this option should not be set as the automatic negotiation phase in the SMB protocol takes care of choosing the appropriate protocol.
Default: client min protocol = CORE
Example: client min protocol = NT1
client NTLMv2 auth (G)
This parameter determines whether or not smbclient(8) will attempt to authenticate itself to servers using the NTLMv2 encrypted password response.
If enabled, only an NTLMv2 and LMv2 response (both much more secure than earlier versions) will be sent. Older servers (including NT4 < SP4, Win9x and Samba 2.2) are not compatible with NTLMv2 when not in an NTLMv2 supporting domain
Similarly, if enabled, NTLMv1, client lanman auth and client plaintext auth authentication will be disabled. This also disables share-level authentication.
If disabled, an NTLM response (and possibly a LANMAN response) will be sent by the client, depending on the value of client lanman auth.
Note that Windows Vista and later versions already use NTLMv2 by default, and some sites (particularly those following 'best practice' security polices) only allow NTLMv2 responses, and not the weaker LM or NTLM.
Default: client NTLMv2 auth = yes
client plaintext auth (G)
Specifies whether a client should send a plaintext password if the server does not support encrypted passwords.
Default: client plaintext auth = no