smbclient and negotiating encryption support when smb encryption is mandatory

Jeremy Allison jra at
Tue May 10 23:52:02 MDT 2011

On Tue, May 10, 2011 at 06:10:01PM -0500, Steve French wrote:
> Connecting to Samba 3.6 with smbclient to test per-share encryption, I
> noticed that smbclient worked when I specified "-e" (and does send the
> required query fs unix info and set fs calls).  I don't see those
> calls when -e is not specified in smbclient (so the server closes the
> session after the first SMB echo is sent, presumably because it is not
> encrypted) and if a querypathinfo is sent first it gets access denied.
>  Why would smbclient only negotiate unix extensions when "-e" is
> specified - how else would it know that "smb encryption" is mandatory?
> I have "smb encryption = mandatory" under the definition for the share
> in smb.conf

That's to be expected. The -e specifies "use encryption". There
is no way to know the server has a share set as "smb encryption = mandatory"
other than that connections without encryption will fail.

This has to be a client-set parameter. You have to know you're
connecting to an encrypted share.


More information about the samba-technical mailing list