[Samba] Server Mandatory SMB Signing Not Working
Philip Cunio
phil.cunio at inmar.com
Sun Aug 8 23:08:41 UTC 2021
We have just implemented the requirement for SMB signing to be mandatory. I
have made the required changes to smb.conf but it is not working. Windows
clients requiring SMB signing as mandatory cannot connect. If we remove
that requirement, the client can connect. We are running Samba 4.10.6 on
AIX 7.1 TL5. Below is the pertinent information from /etc/samba/smb.conf:
[global]
workgroup = INMAR
netbios name = SERVERA
interfaces = xx.xxx.xx.xx
# security = SHARE
map to guest = Bad Password
null passwords = Yes
# log level = 5
username map = /usr/local/lib/users.map
log file = /var/samba/log/log.%m
name resolve order = wins host bcast
unix extensions = No
wins server = xx.xxx.xxx.xxx
socket address = xx.xxx.xxx.xx
client min protocol = SMB2
server signing = mandatory
client signing = mandatory
[files]
comment = flat files
path = /data/unload/flat_files
read only = No
guest ok = Yes
wide links = Yes
*I have obfuscated the IP addresses for security reasons.
Clients are able to connect as long as they do not require SMB Signing.
I have confirmed that I successfully restarted Samba after I made the
change to smb.conf by doing:
ps -ef | grep smbd (noted samba PID)
smbd restart
ps -ef | grep smbd (noted that samba PID changed from above)
I have also run testparm against smb.conf and there were no errors found.
I have verified that the smb.conf file I am changing is the one being used
by the smbd daemon:
/opt/freeware/sbin/smbd -D -s /etc/samba/smb.conf
What setting am I missing, or what could be disabling the server signing =
mandatory option?
Thanks,
Phil
--
*Philip Cunio*
Data Center Director, Inmar Technology Solutions
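An added example, not part of the original post and not Samba project code: a small checker that parses an smb.conf like the one above and lists the settings that bear on clients requiring signed sessions. It rests on the premise that SMB guest and anonymous sessions are not signed, so a client that requires signing rejects them; the function names and the embedded sample (a constructed subset of the posted file) are this example's own.

```python
import re

# Constructed sample: the signing- and guest-related lines of the posted smb.conf.
SAMPLE_CONF = """\
[global]
# security = SHARE
map to guest = Bad Password
null passwords = Yes
client min protocol = SMB2
server signing = mandatory
client signing = mandatory
[files]
path = /data/unload/flat_files
guest ok = Yes
"""

def norm(name):
    """Samba ignores case and whitespace inside parameter names."""
    return re.sub(r"\s+", " ", name.strip().lower())

def parse_smb_conf(text):
    """Return {section: {param: value}}, skipping '#' and ';' comment lines."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][norm(key)] = value.strip()
    return conf

def signing_review(conf):
    """List settings that matter when clients require signed sessions."""
    g, notes = conf.get("global", {}), []
    if g.get("server signing", "default").lower() not in ("mandatory", "required"):
        notes.append("server signing is not mandatory")
    if "client min protocol" in g and "server min protocol" not in g:
        notes.append("client min protocol only affects Samba acting as a client")
    if g.get("map to guest", "never").lower() != "never":
        notes.append("map to guest can turn a failed logon into a guest session")
    for name, params in conf.items():
        if params.get("guest ok", "no").lower() in ("yes", "true", "on", "1"):
            notes.append(f"[{name}] allows guest access")
    return notes
```

Calling `signing_review(parse_smb_conf(SAMPLE_CONF))` returns three notes for the sample: the client-only protocol setting, the guest mapping, and the guest-enabled `[files]` share.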