Tested with Herb yesterday. Even setting "server signing = no" the SMB2 server will still negotiate signing in the negprot security settings and in sessionsetup. I know SMB2 requires that signed packets incoming are signed in return, but with "server signing = no" we shouldn't be negotiating it. Patch for 4.0.0rc2 and 3.6.next to follow (after the fix for master is in). Jeremy.
A smb server should always support signing.
(In reply to comment #1) > A smb server should always support signing. smb2 server...
From MS-SMB2 section 2.2.4: SMB2_NEGOTIATE_SIGNING_ENABLED When set, indicates that security signatures are enabled on the server. The server MUST set this bit, and the client MUST return STATUS_INVALID_NETWORK_RESPONSE if the flag is missing. Jeremy, please revert this change
Ok, thanks for the clarification. I'll change this out to a documentation bug then, as people expect to be able to turn signing off using "server signing = no". Documentation patch to follow. Jeremy.
Created attachment 7984 [details] git-am fix for 3.6.x and 4.0.0rc3. Ok, modified to be a documentation fix. Metze please review ! Thanks, Jeremy.
Comment on attachment 7984 [details] git-am fix for 3.6.x and 4.0.0rc3. Looks good
Karolin, please pick for the next releases
Pushed to v3-6-test and autobuild-v4-0-test. Closing out bug report. Thanks!