using the signing options is inconsistent: man smb.conf talks about client signing (G) Possible values are auto, mandatory and disabled. server signing (G) Possible values are auto, mandatory and disabled using smb.conf with client signing = mandatory server signing = mandatory testparm now shows client signing = required server signing = required now mixing in smb.conf client signing = mandatory server signing = required testparm shows client signing = required server signing = required But manpage say: use mandatory - not required I request to fix this to avoid this inconsitency and misunderstandings.
Hmm perhaps could leave them as aliases and clear documented, not sure if for backward compatible. /* samba-4.1.17/lib/param/table_param.c */ /* SMB signing types. */ static const struct enum_list enum_smb_signing_vals[] = { {SMB_SIGNING_DEFAULT, "default"}, {SMB_SIGNING_OFF, "No"}, {SMB_SIGNING_OFF, "False"}, {SMB_SIGNING_OFF, "0"}, {SMB_SIGNING_OFF, "Off"}, {SMB_SIGNING_OFF, "disabled"}, {SMB_SIGNING_IF_REQUIRED, "if_required"}, {SMB_SIGNING_IF_REQUIRED, "Yes"}, {SMB_SIGNING_IF_REQUIRED, "True"}, {SMB_SIGNING_IF_REQUIRED, "1"}, {SMB_SIGNING_IF_REQUIRED, "On"}, {SMB_SIGNING_IF_REQUIRED, "enabled"}, {SMB_SIGNING_IF_REQUIRED, "auto"}, {SMB_SIGNING_REQUIRED, "required"}, {SMB_SIGNING_REQUIRED, "mandatory"}, {SMB_SIGNING_REQUIRED, "force"}, {SMB_SIGNING_REQUIRED, "forced"}, {SMB_SIGNING_REQUIRED, "enforced"}, {-1, NULL} }; /* samba-4.1.17/source3/smbd/signing.c */ /*********************************************************** Called by server negprot when signing has been negotiated. ************************************************************/ bool srv_init_signing(struct smbd_server_connection *conn) { bool allowed = true; bool desired; bool mandatory = false; switch (lp_server_signing()) { case SMB_SIGNING_REQUIRED: mandatory = true; break; case SMB_SIGNING_IF_REQUIRED: break; case SMB_SIGNING_DEFAULT: case SMB_SIGNING_OFF: allowed = false; break; } ...
Hello, I don't know if it was resolved, I don't see anything. I have the same problem in Samba 4.10.16 - "client signing = mandatory" in smb.conf, but testparm shows "client signing = required".
(In reply to sp33dy1 from comment #2) Ok, I understand now, "mandatory" and "required" are aliases for the same setting. It's kinda confusing anyway...