smb share on linux - not able to force no signing
SMB2 does not allow for signing to be disabled. It is only possible for it to be required or not required.
See this Technet article for more information about SMB signing. You can also look at the Samba smb.conf man page for more information, specifically:
For the SMB2 protocol, by design, signing cannot be disabled. In the case where SMB2 is negotiated, if this parameter is set to disabled, it will be treated as auto. Setting it to mandatory will still require SMB2 clients to use signing.
Related videos on Youtube
![Admin](/assets/logo_square_200-5d0d61d6853298bd2a4fe063103715b4daf2819fc21225efa21dfb93e61952ea.png)
Admin
Updated on September 18, 2022Comments
-
Admin almost 2 years
I am testing a samba share set up between two linux machines, and I need signing turned off for the purposes of testing. My server has the following /etc/samba/smb.conf:
[global] protocol = smb2 client signing = disabled server signing = disabled ... [share_dir] path = /work/share_dir valid users = root read only = no
I am able to connect and run commands remotely from the client:
root@client-1:~# smbclient //client-2/share_dir <password> -U root -m smb2 --signing=off -c 'rm 1MB.dat.upload.0; put 1MB.dat 1MB.dat.upload.0;' WARNING: The "syslog" option is deprecated Domain=[CLIENT-3] OS=[] Server=[] putting file 1MB.dat as \1MB.dat.upload.0 (5333.3 kb/s) (average 5333.3 kb/s)
When taking traces (via wireshark) for this operation, however, I can see that signing is not turned off like I want. Requests from my client have 'Signing enabled: True' and 'Signing required: False', and the server eventually responds with a 'Signed: True' flag. Traces are lengthy but can post snippets if it would be helpful.
Is it possible for me to force no signing like I want?