From e665fc394074e5aebc22baa4aa1d8d45077ce37d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 14 Oct 2013 13:45:42 +1300 Subject: lib/param: Consolidate code to enable smb signing on the server, always enable on AD DC This uses the code from the source4/ SMB server (the NTVFS smb server) in common, to force SMB Signing to be on when we are an AD DC. Andrew Bartlett Signed-off-by: Andrew Bartlett Reviewed-by: David Disseldorp Autobuild-User(master): David Disseldorp Autobuild-Date(master): Fri Nov 22 13:13:05 CET 2013 on sn-devel-104 --- docs-xml/smbdotconf/security/serversigning.xml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'docs-xml/smbdotconf/security') diff --git a/docs-xml/smbdotconf/security/serversigning.xml b/docs-xml/smbdotconf/security/serversigning.xml index 0aced5d3c1..c94a3ee6ba 100644 --- a/docs-xml/smbdotconf/security/serversigning.xml +++ b/docs-xml/smbdotconf/security/serversigning.xml @@ -6,10 +6,15 @@ This controls whether the client is allowed or required to use SMB1 and SMB2 signing. Possible values - are auto, mandatory + are default, auto, mandatory and disabled. + By default, and when smb signing is set to + default, smb signing enabled when + is active directory + domain controller and disabled otherwise. + When set to auto, SMB1 signing is offered, but not enforced. When set to mandatory, SMB1 signing is required and if set to disabled, SMB signing is not offered either. @@ -20,5 +25,5 @@ will still require SMB2 clients to use signing. -Disabled +default -- cgit