[PATCH]: SMB3 Encryption and "smb encrypt" option
samlekar at in.ibm.com
Mon Sep 8 13:28:43 MDT 2014
I just changed the documentation a bit - please see the attached patches.
The use case is described in section 5.2 here -
By default, once SMB Encryption is turned on for a share or server, only
SMB 3 clients will be allowed to access the affected shares. The reason
for this restriction is to ensure that the administrator’s intent of
safeguarding the data is maintained for all accesses. However there might
be situations (for example, a transition period where mixed client OS
versions will be in use) where an admin may want to allow unencrypted
access for clients not supporting SMB 3
"Stefan (metze) Metzmacher" <metze at samba.org> wrote on 09/09/2014 12:28:28
> From: "Stefan (metze) Metzmacher" <metze at samba.org>
> To: Shekhar Amlekar/India/IBM at IBMIN, samba-technical <samba-
> technical at lists.samba.org>
> Date: 09/09/2014 12:26 AM
> Subject: Re: [PATCH]: SMB3 Encryption and "smb encrypt" option
> Hi Shekhar,
> > Currently, the smb encrypt option in Samba offers less flexibility in
> > configuring smb3 encryption against Win8/Win2k12 clients. Win2k12
> > two options, EncryptData and RestrictUnencryptedAccess to enable,
> > and mandate encryption. However, the auto and disabled setting of smb
> > encrypt behave the same against win8/win2k12 clients.
> > Please find attached patches that change the behavior of smb encrypt
> > option as follows -
> > disabled --> EncryptData = no
> > auto --> EncryptData =yes, RejectUnencryptedAccess = no
> > mandatory --> EncryptData = yes, RejectEncryptedAccess = yes
> > I've changed the default to disabled. Would you please review and let
> > know any comments that you may have,
> We should not change the default to disabled.
> What would be the use case for "EncryptData =yes,
> RejectUnencryptedAccess = no"?
> [attachment "signature.asc" deleted by Shekhar Amlekar/India/IBM]
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7883 bytes
Desc: not available
More information about the samba-technical