Bug 11366 - smb.conf manpage lacks description of "smb encrypt" for SMB2+
Summary: smb.conf manpage lacks description of "smb encrypt" for SMB2+
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Documentation (show other bugs)
Version: 4.2.2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba Documentation QA Contact~
Depends on:
Reported: 2015-06-26 23:07 UTC by Michael Adam
Modified: 2015-07-05 19:12 UTC (History)
3 users (show)

See Also:

proposed patch for 4.2 (9.16 KB, patch)
2015-06-26 23:10 UTC, Michael Adam
obnox: review+
gd: review+
proposed patch for 4.1 (10.46 KB, patch)
2015-06-26 23:20 UTC, Michael Adam
obnox: review+
gd: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Adam 2015-06-26 23:07:02 UTC
With the introduction of SMB3, the 'smb encrypt' setting has an effect also for protocol versions other than SMB1. This needs to be explained in the manual page.
Comment 1 Michael Adam 2015-06-26 23:10:58 UTC
Created attachment 11206 [details]
proposed patch for 4.2
Comment 2 Michael Adam 2015-06-26 23:20:29 UTC
Created attachment 11207 [details]
proposed patch for 4.1
Comment 3 Björn Jacke 2015-06-27 12:47:26 UTC
Comment on attachment 11207 [details]
proposed patch for 4.1

looks good but one thing i thought while reading it:

to make it more clear, i would replace "hopefully soon Linux Cifsvfs..." by "not not supported yet (currently Linux cifs vfs 4.1)", so that the man page does not talk of "hopes" and so that it does not lie if the samba (man page) is older than the installed kernel which might support it already then.
Comment 4 Michael Adam 2015-06-27 14:09:05 UTC
Björn, thanks for the comments.

That smb1 part I just copied from the original text.
So I suggest to bring that into master and we can backport
it separately. This patchset addresses the lack of addressing
the effect of "smb encrypt" for smb3.

Regarding your proposal, I'd say yeah, we can do it, but the
current way has the advantage that by not specifying a
version number of cifsfs, we don't need to adapt the manpage
in that aspect as time proceeds (as long as cifsfs does not
implement encryption).
Comment 5 Björn Jacke 2015-06-28 11:06:46 UTC
(In reply to Michael Adam from comment #4)
the current way has the disadvantage, that it is wrong as soon as the kernel situation changes. and you will have old less up-to-date samba installations on systems with more recent kernels. it is not neccessary to adopt the mentioned kernel version in the man page all the time. just dont't write things there that will for sure be misinforming at some point in the future. making clear that current kernel 4.1 does not support encrytption is clear. people with kernel 4.1+x will know that the sutuation might have changed.
Comment 6 Michael Adam 2015-06-29 12:13:21 UTC
(In reply to Björn Jacke from comment #5)

Björn, I am happy to review a corresponding patch to the manpage (on mailing-list/master and also here in BZ for the releases).

Could we get this separate patch into the releases?
Comment 7 Guenther Deschner 2015-06-29 13:11:29 UTC
Comment on attachment 11206 [details]
proposed patch for 4.2

Comment 8 Guenther Deschner 2015-06-29 13:21:26 UTC
Karo, please add to v4.2 and v4.1. Thanks.
Comment 9 Karolin Seeger 2015-06-29 20:13:33 UTC
(In reply to Guenther Deschner from comment #8)
Pushed to autobuild-v4-[1|2]-test.
Comment 10 Karolin Seeger 2015-07-05 19:12:29 UTC
(In reply to Karolin Seeger from comment #9)
Pushed to both branches.
Closing out bug report.