default value of server signing

Steve French smfrench at
Thu Jun 2 00:45:27 UTC 2016

Any idea why we turn off support for cifs signing by default?  I would
have thought that this one of the more common values to override in
distros default smb.conf (to turn "server signing = default" rather
than leave it disabled for cifs), but I see it left out of Fedora's
smb.conf.  The excerpt from the smb.conf man page doesn't explain why
it is off for cifs (shouldn't it be set to auto in most distros?)

server signing (G)

This controls whether the client is allowed or required to use SMB1
and SMB2 signing. Possible values are auto, mandatory and disabled.

When set to auto, SMB1 signing is offered, but not enforced. When set
to mandatory, SMB1 signing is required and if set to disabled, SMB
signing is not offered either.

For the SMB2 protocol, by design, signing cannot be disabled. In the
case where SMB2 is negotiated, if this parameter is set to disabled,
it will be treated as auto. Setting it to mandatory will still require
SMB2 clients to use signing.

Default: server signing = Disabled



More information about the samba-technical mailing list