SMB2 Signing and WAN Accelerator problems ...

Richard Sharpe realrichardsharpe at
Wed Jul 31 10:17:15 MDT 2013

On Wed, Jul 31, 2013 at 8:00 AM, Christopher R. Hertel <crh at> wrote:
> Some of the WAN accelerator companies have, in the past, required that
> customers disable signing on both ends.  I don't know if that works with
> SMB2, but the correct solution is for the WAN accelerators to become
> replica-only DCs and do "real" proxying.

It's simpler than that. They are passing the signature through
unchanged and seem only to be modifying the Message ID.

At first I thought that they assumed that Message IDs will appear
in-order from the client, but a few moment's thought will tell you
that they can appear out-of-order from the server, however, that's
easy to deal with.

Given that there will likely never be more than 16-bits worth of
messages outstanding at any time, and more likely never more than 10
bits worth, that represents a large saving.

Richard Sharpe

More information about the samba-technical mailing list