[Samba] Encrypted samba mount on Linux

amit kumar amitkuma at redhat.com
Mon Apr 3 07:27:11 UTC 2017 

Hello,
Kindly revert if my question is not clear..
waiting for inputs..
Thanks
On 04/03/2017 11:53 AM, amit kumar wrote:
>
> Thanks Steve for Quick response!!
>
> *My question is*:
>  => Accessing encrypted shares fully depends on kernel fix (as you
> provided),
> If no?
>  => How can we use /etc/samba/smb.conf      "smb encrypt = mandatory" 
> parameter to access encrypted shares? Because using this parameter I
> am not able to access samba-shares either from windows/RHEL client
>
> Thanks
> Amit
>
> On 04/03/2017 11:48 AM, Steve French wrote:
>> CIFS or SMB3 mount (vers=3.0)?
>>
>> I doubt that RHEL has backported the encryption feature in the kernel
>> client yet, but would be a good question for RHEL support.
>>
>> On Mon, Apr 3, 2017 at 1:15 AM, amit kumar <amitkuma at redhat.com
>> <mailto:amitkuma at redhat.com>> wrote:
>>
>>     Dear Team,
>>
>>     I am trying to use this option on RHEL-6.9(samba3.6) version
>>     while accessing samba shares, but its not working??
>>     Is this kernel specific or package specific also?
>>
>>     setup is something as this:
>>                      *[RHEL 6.9]**    **    **    **    **    **  
>>      **    **    **    **    **    **    **    **    **    **    ** 
>>       [windows-client]**    **    **    **    **    **    **    **  
>>      **    **    **        [RHEL-client]*
>>                             |  (samba 3.6)                           
>>                                              |                      
>>                                              |
>>                             /samba-share                          
>>                                                |                  
>>                                                  |
>>                         # vim /etc/samba/smb.conf                  
>>                                        |                          
>>                                          |
>>                             smb encrypt = mandatory                  
>>                                      |                              
>>                                      |
>>                             |              <=========Not
>>     working===============      |                                  
>>                                  |
>>                             |                                      
>>                  <=========Not working===============              
>>                       |
>>
>>     How to make this Working???
>>
>>     Thanks in Advance
>>     Amit
>>
>>     On 04/01/2017 06:29 AM, Steve French via samba wrote:
>>>     4.11 - But am hoping it will be broadly backported
>>>
>>>     On Fri, Mar 31, 2017 at 7:52 PM, Draxter <admin at draxter.me> <mailto:admin at draxter.me> wrote:
>>>
>>>>     Thanks Steve.
>>>>
>>>>
>>>>     That's great news. Pretty recent commit. Which kernel version (onward) is
>>>>     it in?
>>>>
>>>>
>>>>     Regards,
>>>>
>>>>     Draxter.
>>>>
>>>>
>>>>     On 01/04/17 00:49, Steve French wrote:
>>>>
>>>>     Kernel cifs supports encryption!! (Thank you Pavel for good work, redoing
>>>>     the transport layer for this!).
>>>>
>>>>     See e.g. this series which was merged a couple months ago into mainline
>>>>     Linux kernel:
>>>>     https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/
>>>>     <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/>
>>>>     linux.git/commit/fs/cifs?id=ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31
>>>>
>>>>
>>>>     mount -t cifs //localhost/test /mnt -o vers=3.0,seal ....
>>>>
>>>>     See attached screenshot of it in action to Samba (just did a quick mount
>>>>     and displayed wireshark trace of the data so you could see)
>>>>
>>>>
>>>>
>>>>     On Fri, Mar 31, 2017 at 6:39 PM, Jeremy Allison <jra at samba.org> <mailto:jra at samba.org> wrote:
>>>>
>>>>>     On Sat, Apr 01, 2017 at 12:20:23AM +0100, Draxter via samba wrote:
>>>>>>     Hi all,
>>>>>>
>>>>>>     My server machine is running samba version 4.4.4 on Linux with 'smb
>>>>>>     encryption = mandatory' option.
>>>>>>
>>>>>>     My client is a Ubuntu 16.10 Linux machine.
>>>>>>
>>>>>>     I am looking for a way to mount the encrypted samba share on the Linux
>>>>>>     client machine. I noticed that mount.cifs does not support encryption
>>>>>>     but smbclient does with an -e flag, however it seems to only be usable
>>>>>>     in a ftp-like interface. Is there any way to mount this share with
>>>>>>     smbclient or any other software that supports encrypted samba shares?
>>>>>     Sending to Steve, who can explain why he *still*
>>>>>     hasn't implemented this in cifsfs, depite it being
>>>>>     designed to his spec. and included in the server since
>>>>>     Samba 3.2.0....
>>>>>
>>>>>     Bitter, Moi ? :-).
>>>>>
>>>>>     Over to you Steve !
>>>>>
>>>>     --
>>>>     Thanks,
>>>>
>>>>     Steve
>>>>
>>>>
>>>>
>>     -- 
>>     Thanks
>>     Amit Kumar
>>     There are three ways to get something done:
>>       (1) Do it yourself.
>>       (2) Hire someone to do it for you.
>>       (3) Forbid your kids to do it.
>>
>> -- 
>> Thanks, Steve
> -- 
> Thanks
> Amit Kumar
> There are three ways to get something done:
>   (1) Do it yourself.
>   (2) Hire someone to do it for you.
>   (3) Forbid your kids to do it.
-- 
Thanks
Amit Kumar
There are three ways to get something done:
  (1) Do it yourself.
  (2) Hire someone to do it for you.
  (3) Forbid your kids to do it.

More information about the samba mailing list