[PATCH]: SMB3 Encryption and "smb encrypt" option

Stefan (metze) Metzmacher metze at samba.org
Mon Sep 8 12:58:28 MDT 2014

Hi  Shekhar,

> Currently, the smb encrypt option in Samba offers less flexibility in 
> configuring smb3 encryption against Win8/Win2k12 clients. Win2k12 offers 
> two options, EncryptData and RestrictUnencryptedAccess to enable, disable 
> and mandate encryption. However, the auto and disabled setting of smb 
> encrypt  behave the same against win8/win2k12 clients.
> Please find attached patches that change the behavior of smb encrypt 
> option as follows -
> disabled -->    EncryptData = no
> auto -->                EncryptData =yes, RejectUnencryptedAccess = no
> mandatory -->   EncryptData = yes, RejectEncryptedAccess = yes
> I've changed the default to disabled. Would you please review and let me 
> know any comments that you may have,

We should not change the default to disabled.

What would be the use case for "EncryptData =yes,
RejectUnencryptedAccess = no"?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140908/0445b162/attachment.pgp>

More information about the samba-technical mailing list