SMB Signing,

Roeland M.J. Meyer rmeyer at
Thu Sep 4 19:15:12 GMT 1997

Hello All

I was just on the MS site looking up info on WinNTws40-SP3. I may need to
apply it. However, I ran into the following and thought that I'd ask if
Samba supports this, before continuing. BTW, I'm still at 16p9 so I would
probably have to upgrade to 17 first, eh?

I cringe every time I see an update to the SMB protocol from M$. It comes
from long experience. This usually is the harbinger of many long, late, and
frustrating hours in front of the workstation, doing something different
than what I'm supposed to be doing. The recent problems I see with
Win98beta seem to confirm this, as it is not compatible with anything

Is Microsoft going to screw me again? I'd like to know, just once, before
backing into this one.

As an aside, it is interesting to note the CIFS designation, as if it were
a standard. Yet, Microsoft still will not release the Domain Controller
(PDC) login sequence as a public document. The InterNet is famous for not
accepting standards based on proprietary and undocumented protocols.
Further, Microsoft changes the SMB specification with each new release of
their operating systems (Win98 is the worst case in point).

> SMB Signing:
> Service Pack 3 includes an updated version of the Server Message Block
> (SMB) authentication protocol, also known as the Common Internet File
> System (CIFS) file sharing protocol. The updated protocol has two main
> improvements: it supports mutual authentication, which closes a
> "man-in-the-middle" attack, and it supports message authentication, which
> prevents active message attacks. SMB signing provides this authentication
> by placing a digital security signature into each SMB, which is then
> verified by both the client and the server.
> In order to use SMB signing, you must either enable it or require it on
> both the client and the server. If SMB signing is enabled on a server,
> then clients that are also enabled for SMB signing will use the new
> protocol during all subsequent sessions and clients that are not enabled
> for SMB signing will use the older SMB protocol. If SMB signing is
> required on a server, then a client will not be able to establish a
> session unless it is enabled for SMB signing. SMB signing is disabled by
> default on a server system when you install the Service Pack; it is
> enabled by default on a workstation system when you apply the Service
> Pack. For information on how to configure SMB signing, go to the

Morgan Hill Software Company, Inc.
Colorado Springs, CO - Livermore, CA - Morgan Hill, CA
Domain Administrator (MHSC2-DOM)
Administrative and Technical contact
InterNIC Id:	MHSC hostmaster (HM239-ORG)
e-mail:		hostmaster at
web -pages:
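
The enabled/required rules and the per-message signature described in the quoted Service Pack text, modelled as an added example (not part of the original post, and not Microsoft's or Samba's code). The names `Signing`, `negotiate`, `sign` and `Peer` are hypothetical, and the truncated HMAC-SHA256 with a sequence counter is a stand-in for illustration, not the actual SMB wire algorithm.

```python
import hashlib
import hmac
from enum import Enum

class Signing(Enum):          # per-host setting named in the quoted text
    DISABLED = 0
    ENABLED = 1
    REQUIRED = 2

def negotiate(client: Signing, server: Signing) -> str:
    """Outcome of session setup: 'signed', 'unsigned' or 'refused'."""
    if Signing.DISABLED in (client, server):
        # One side cannot sign; a side that requires signing refuses.
        # (Client-side REQUIRED mirroring the server rule is an assumption.)
        return "refused" if Signing.REQUIRED in (client, server) else "unsigned"
    return "signed"

def sign(key: bytes, seq: int, body: bytes) -> bytes:
    # Stand-in MAC: HMAC-SHA256 over sequence number + message, cut to 8 bytes.
    mac = hmac.new(key, seq.to_bytes(4, "little") + body, hashlib.sha256)
    return mac.digest()[:8]

class Peer:
    """One end of a signed session; both ends share the session key."""
    def __init__(self, key: bytes):
        self.key, self.send_seq, self.recv_seq = key, 0, 0

    def send(self, body: bytes):
        sig = sign(self.key, self.send_seq, body)
        self.send_seq += 1
        return body, sig

    def receive(self, body: bytes, sig: bytes) -> bool:
        ok = hmac.compare_digest(sig, sign(self.key, self.recv_seq, body))
        if ok:                      # only a verified message advances the counter
            self.recv_seq += 1
        return ok

def demo() -> dict:
    key = b"constructed-session-key"          # constructed sample value
    client, server = Peer(key), Peer(key)
    first = client.send(b"WRITE report.txt data=hello")
    second = client.send(b"WRITE report.txt data=world")
    return {
        "genuine": server.receive(*first),
        "replayed": server.receive(*first),    # stale sequence number
        "tampered": server.receive(second[0].replace(b"world", b"wor1d"), second[1]),
        "genuine_after": server.receive(*second),
    }

if __name__ == "__main__":
    print(demo())
```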
