> We have been looking to see if we could setup some VMs for something > that old, and we are willing to test against it if it could > realistically be setup, but it has been harder than expected. Ronnie > had some ideas and we are willing to experiment more but realistically > it is very hard to deal with 'legacy museum style' unless we have some > VMs available for old systems. > > Feel free to contact Ronnie and me or Shyam etc (offline if easier) if > you have ideas on how to setup something like this. We don't want to > be encouraging SMB1, but certainly not NTLMv1 auth with SMB1 given its > security weaknesses (especially given the particular uses hackers have > made of 25+ year old NTLMv1 weaknesses). I would be willing to try to set up a VM for testing. The issue was further discussed in https://bugzilla.kernel.org/show_bug.cgi?id=215375 I think we could split the topic. The part important for me and others affected by this bug is that this regression introduced a protocol violation of the SMB1 protocol, even for the case where users want to use SMB1 in guest mode, i.e. without any authentication. At least in this case IMHO we do not need to discuss NTLMv1 etc., but just make sure that the SMB1 protocol is again correctly followed for the case that no user/password is needed. That is what the proposed patch is about. Thus my idea would be to set up an old-enough Samba server providing the SMB1 protocol (just) for guest mode, without user/password. If I could then prove that without patch the error against that VM occurs and with the patch it works fine, would that be enough? But I wonder what you understand by VM? A VirtualBox OVA file? Vmware? Some Dockerfile to create an image? And as this will be a test against a simulated server in a network, are there standard requirements how the network is set up between test system and the VM? - Carsten
