To enforce SMB2 only, follow the steps below.
If you have unitrends-security-10.2.0 or later, the smb2 option is already available.
rpm -q unitrends-security
If prior to release 10.2, apply the security updates, via these commands from PuTTy or ssh:
sh security_get.sh apply
Then set the SMB2 security option:
This smb2 option also sets the Unitrends samba shares to user security with a default user 'root' and default password 'unitrends1'. To change the samba user and/or password, use this command:
security_option smbuser <username> <password>
To revert from SMB2-only, run the following commands:
Notes about certain application features with SMB2 restrictions.
SharePoint 2007 with Windows 2003 and prior cannot support SMBv2.
Any later versions of SharePoint on a later Windows release may support SMBv2, but may need custom client configurations in order for Unitrends Backups to be performed. See https://blogs.msdn.microsoft.com/uksharepoint/2009/01/05/sharepoint-ports-proxies-and-protocols-an-overview-of-farm-communications/
Otherwise SharePoint backups to Unitrends will not be successful when the UB appliance is configured for SMBv2.
Solaris / Oracle
The Solaris network/smb/client works with the Unitrends SMBv2 configuration on Solaris 11.1 or later. The additional step needed to make this transparent is:
smbadm add-key -u firstname.lastname@example.org
where 192.168.111.22 is the UB IP address. Enter the default password of unitrends1 unless modified.
Hyper-V Instant Recovery
As noted in our article SMBv1 environment vulnerabilities in response to ransomware reports and also by the security_options script when running `security_option smb2`, Hyper-V Instant Recovery is NOT compatible with SMB2. This feature will not work when SMB2 is enabled. This is a Microsoft Limitation we cannot at this time work around.
The same limitation applies to Windows Replicas created on a Hyper-V host server as the Hyper-V host must use SMBv1 to connect to the Unitrends Appliance to acquire boot media used to create the replica.
If Windows client is later than 2003 and supports SMBv2, then Agent Push for SMBv2 support will be included as part of Release 10.2.
Windows 2019 - Windows 2019 ships with SMBv1 disabled by default. It is recommended to enable SMBv2 mode on Unitrends appliances to support Agent Push with 2019. If this is not possible due to legacy systems in your environment, SMBv1 can be re-enabled by following the instructions here.