Monday, 12 March 2018

The client must use SMB client signing for connecting to samba servers using smbclient



Packet signing can prevent man-in-the-middle attacks which modify SMB packets in transit. SMB Signing is a feature through which communications using SMB can be digitally signed at the packet level. Digitally signing the packets enables the recipient of the packets to confirm their point of origination and their authenticity.

Verification:

To verify that Samba clients running smbclient must use packet signing, run the following command:

[root@linuxcnf ~]# grep signing /etc/samba/smb.conf
client signing = mandatory

The command output should show as above, if it is not, means smb signing is disabled.

Enable smb clients signing:

To require samba clients running smbclient to use packet signing, use the below settings:

[root@linuxcnf ~]#vi /etc/samba/smb.conf

Add the following to the global section of the Samba configuration file:

client signing = mandatory

No comments:

Post a comment