[Samba] server signing = required
Stefan Kania
stefan at kania-online.de
Wed May 28 16:25:50 UTC 2025
Hello to all,
I configured a samba Server as followed:
---------------
[global]
bind interfaces only = Yes
client signing = required
disable netbios = Yes
interfaces = 192.168.56.45
realm = EXAMPLE.NET
security = ADS
server min protocol = SMB3
server signing = required
smb ports = 445
template shell = /bin/bash
winbind refresh tickets = Yes
winbind use default domain = Yes
workgroup = EXAMPLE
idmap config example : range = 1000000 - 1999999
idmap config example : backend = rid
idmap config * : range = 10000 - 19999
idmap config * : backend = tdb
inherit acls = Yes
vfs objects = acl_xattr
---------------
So server- ad client-signing is required. If I test with nmap I see:
----------------
nmap --script smb2-security-mode 192.168.56.45
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-05-28 18:20 CEST
Nmap scan report for 192.168.56.45
Host is up (0.00010s latency).
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
445/tcp open microsoft-ds
MAC Address: 08:00:27:40:0A:20 (Oracle VirtualBox virtual NIC)
Host script results:
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled but not required
Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds
----------------
I expected that signing is shown as required?
What do I have to do, that signing is required?
Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20250528/a729eeea/OpenPGP_signature.sig>
More information about the samba
mailing list