diff options
author | Andrew Bartlett <abartlet@samba.org> | 2013-10-14 13:45:42 +1300 |
---|---|---|
committer | David Disseldorp <ddiss@samba.org> | 2013-11-22 13:13:03 +0100 |
commit | e665fc394074e5aebc22baa4aa1d8d45077ce37d (patch) | |
tree | 498f64c40723a7851aff5702b0e5a1d156228827 /docs-xml/smbdotconf/security | |
parent | 000172a5ab7e4bfac7ef618d0d78ec7fe95d0e2a (diff) | |
download | samba-e665fc394074e5aebc22baa4aa1d8d45077ce37d.tar.gz samba-e665fc394074e5aebc22baa4aa1d8d45077ce37d.tar.xz samba-e665fc394074e5aebc22baa4aa1d8d45077ce37d.zip |
lib/param: Consolidate code to enable smb signing on the server, always enable on AD DC
This uses the code from the source4/ SMB server (the NTVFS smb server)
in common, to force SMB Signing to be on when we are an AD DC.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Nov 22 13:13:05 CET 2013 on sn-devel-104
Diffstat (limited to 'docs-xml/smbdotconf/security')
-rw-r--r-- | docs-xml/smbdotconf/security/serversigning.xml | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/docs-xml/smbdotconf/security/serversigning.xml b/docs-xml/smbdotconf/security/serversigning.xml index 0aced5d3c1..c94a3ee6ba 100644 --- a/docs-xml/smbdotconf/security/serversigning.xml +++ b/docs-xml/smbdotconf/security/serversigning.xml @@ -6,10 +6,15 @@ <description> <para>This controls whether the client is allowed or required to use SMB1 and SMB2 signing. Possible values - are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis> + are <emphasis>default</emphasis>, <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis> and <emphasis>disabled</emphasis>. </para> + <para>By default, and when smb signing is set to + <emphasis>default</emphasis>, smb signing enabled when + <smbconfoption name="server role"/> is <emphasis>active directory + domain controller</emphasis> and disabled otherwise.</para> + <para>When set to auto, SMB1 signing is offered, but not enforced. When set to mandatory, SMB1 signing is required and if set to disabled, SMB signing is not offered either.</para> @@ -20,5 +25,5 @@ will still require SMB2 clients to use signing.</para> </description> -<value type="default">Disabled</value> +<value type="default">default</value> </samba:parameter> |