The Samba-Bugzilla – Bug 11372
smbd: SMB3 functionality of "smb encrypt" broken/confusing
Last modified: 2015-07-21 14:39:05 UTC
With "smb encrypt = enabled", the server should announce the SMB3 encryption capability and require traffic encryption for those SMB2+ clients that support it. This is currently broken in Samba 4.2 and 4.1. Instead, encryption only happens if smb encrypt is set to mandatory.
Created attachment 11218 [details]
Patch for v4-2-test cherry-picked from master
Created attachment 11219 [details]
Patch for v4-1-test cherry-picked from master
Patch with a minor contextual adaption for 4.1
Karo, please pick for 4.1.next and 4.2.next.
No pushing yet, please:
Apparently there is need for more discussion.
As discussed with Metze:
We should actually have these states for smb encrypt:
off - ...
enabled - just negotiate the cap
desired - enable enc for those clients that support it
required - enable for all and deny clients that don't support enc.
Created attachment 11239 [details]
updated patchset for 4.1
Created attachment 11240 [details]
updated patchset for 4.2
Karolin, please add to 4.2 and 4.1.
Pushed to autobuild-v4-[1|2]-test.
(In reply to Karolin Seeger from comment #10)
Pushed to both branches.
Closing out bug report.