[PATCH]: SMB3 Encryption and "smb encrypt" option
Stefan (metze) Metzmacher
metze at samba.org
Mon Sep 8 12:58:28 MDT 2014
> Currently, the smb encrypt option in Samba offers less flexibility in
> configuring smb3 encryption against Win8/Win2k12 clients. Win2k12 offers
> two options, EncryptData and RestrictUnencryptedAccess to enable, disable
> and mandate encryption. However, the auto and disabled setting of smb
> encrypt behave the same against win8/win2k12 clients.
> Please find attached patches that change the behavior of smb encrypt
> option as follows -
> disabled --> EncryptData = no
> auto --> EncryptData =yes, RejectUnencryptedAccess = no
> mandatory --> EncryptData = yes, RejectEncryptedAccess = yes
> I've changed the default to disabled. Would you please review and let me
> know any comments that you may have,
We should not change the default to disabled.
What would be the use case for "EncryptData =yes,
RejectUnencryptedAccess = no"?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 181 bytes
Desc: OpenPGP digital signature
More information about the samba-technical