[PATCH]: SMB3 Encryption and "smb encrypt" option
Stefan (metze) Metzmacher
metze at samba.org
Mon Sep 8 12:58:28 MDT 2014
Hi Shekhar,
> Currently, the smb encrypt option in Samba offers less flexibility in
> configuring smb3 encryption against Win8/Win2k12 clients. Win2k12 offers
> two options, EncryptData and RestrictUnencryptedAccess to enable, disable
> and mandate encryption. However, the auto and disabled setting of smb
> encrypt behave the same against win8/win2k12 clients.
>
> Please find attached patches that change the behavior of smb encrypt
> option as follows -
>
> disabled --> EncryptData = no
> auto --> EncryptData =yes, RejectUnencryptedAccess = no
> mandatory --> EncryptData = yes, RejectEncryptedAccess = yes
>
> I've changed the default to disabled. Would you please review and let me
> know any comments that you may have,
We should not change the default to disabled.
What would be the use case for "EncryptData =yes,
RejectUnencryptedAccess = no"?
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140908/0445b162/attachment.pgp>
More information about the samba-technical
mailing list