[linux-cifs-client] Samba SMB protocol encryption support
Jeff Layton
jlayton at samba.org
Sat Feb 27 19:00:45 MST 2010
On Sat, 27 Feb 2010 16:09:51 +0100
Guillaume Hiet <guillaume.hiet at amossys.fr> wrote:
> Hi List,
>
> I would like to know if cifs module has (even experimental) support for
> SMB protocol encryption (by setting option "smb encrypt=mandatory" in
> Samba server configuration file).
>
> We use Debian's Samba server v3.5rc2 and this feature works fine with
> smbclient using "-e" option. However, we do not succeed in mounting the
> share with cifs module (Linux Debian kernel 2.6.32-8) using "mount -t
> cifs -o user=xxx,sec=krb5i,seal //my_host/my_share /my_mountpoint". Does
> the "seal" option correspond to SMB protocol encryption?
>
> We activate the following options in /proc/fs/cifs/ :
> - experimental = 1
> - LinuxExtensionsEnable = 1
> - cifsFYI = 3
> - SecurityFlags = 0x07
>
> The signing feature seams to work well by setting "client/server signing
> = mandatory" in smb.conf and using "mount -t cifs -o
> user=xxx,sec=krb5i" (using "mount -t cifs -o user=xxx,sec=krb5" fail as
> expected).
>
seal is not implemented. The option was added before there was any
code to make it actually do anything. Definitely confusing for users,
but it is what it is...
--
Jeff Layton <jlayton at samba.org>
More information about the linux-cifs-client
mailing list