I have servers which offer only SMB3 mounts for security reasons. This works well for Windows (10) clients, but not for Linux clients. They refuse to automount anything which is not SMB1.
For manual mounts, the option -o vers=3.0 can be used. How can I force the system to use this option when I want to mount shares from graphical file managers on Gnome or KDE?
Graphical file managers do not establish 'cifs' kernel mounts; they use Samba's libsmbclient.
The corresponding /etc/samba/smb.conf options are:
[global]
client min protocol = SMB2_02
; default is 'CORE' (MS-DOS era)
client max protocol = SMB3
; default was 'NT1' (aka CIFS) until Samba v4.6
; finally includes SMB3 as of Samba v4.7
As soon as you raise the maximum to SMBv3, the client will negotiate the best supported version. It is not necessary to block CIFS/SMBv1 via client min protocol.
Note that the "SMB2" and "SMB3" keywords map to the highest supported sub-version of that protocol (currently "SMB2_10" and "SMB3_11"). This means that setting the minimum protocol to "SMB3" would actually exclude Windows 8.1 (which uses SMB3_02).
See the smb.conf manual page for more details and the full protocol list.
Linux (kernel) clients (cifs.ko) have defaulted to smb3 (smb2.1 or later) for about a year. There have also been three changes that allow it to be configured (and even built) with smb1 (cifs) support disabled.
