Bug 1237063
| Summary: | SMB:smb encrypt details to be updated in smb.conf man page for samba | ||
|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | surabhi <sbhaloth> |
| Component: | samba | Assignee: | Michael Adam <madam> |
| Status: | CLOSED ERRATA | QA Contact: | surabhi <sbhaloth> |
| Severity: | urgent | Docs Contact: | |
| Priority: | high | ||
| Version: | rhgs-3.1 | CC: | asrivast, gdeschner, jarrpa, madam, nlevinki, nsathyan, rcyriac, vagarwal |
| Target Milestone: | --- | ||
| Target Release: | RHGS 3.1.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | samba-4.1.17-10 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-07-29 05:08:35 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1202842 | ||
|
Description
surabhi
2015-06-30 10:05:36 UTC
Patch has been proposed upstream and is currently being discussed. With samba build :
samba-winbind-4.1.17-12.el7rhgs.x86_64
samba-client-4.1.17-12.el7rhgs.x86_64
samba-vfs-glusterfs-4.1.17-12.el7rhgs.x86_64
samba-winbind-modules-4.1.17-12.el7rhgs.x86_64
samba-common-4.1.17-12.el7rhgs.x86_64
samba-winbind-clients-4.1.17-12.el7rhgs.x86_64
samba-libs-4.1.17-12.el7rhgs.x86_64
samba-4.1.17-12.el7rhgs.x86_64
man page for smb.conf has been updated with the smb encrypt options and details.\
tested and verified teh options available.
· Leaving it as default, explicitly setting default, or setting it to enabled globally will enable negotiation of encryption but will not turn
on data encryption globally or per share.
· Setting it to desired globally will enable negotiation and will turn on data encryption on sessions and share connections for those clients
that support it.
· Setting it to required globally will enable negotiation and turn on data encryption on sessions and share connections. Clients that do not
support encryption will be denied access to the server.
· Setting it to off globally will completely disable the encryption feature.
· Setting it to desired on a share will turn on data encryption for this share for clients that support encryption if negotiation has been
enabled globally.
· Setting it to required on a share will enforce data encryption for this share if negotiation has been enabled globally. I.e. clients that do
not support encryption will be denied access to the share.
Note that this allows per-share enforcing to be controlled in Samba differently from Windows: In Windows, RejectUnencryptedAccess is a
global setting, and if it is set, all shares with data encryption turned on are automatically enforcing encryption. In order to achieve the
same effect in Samba, one has to globally set smb encrypt to enabled, and then set all shares that should be encrypted to required.
Additionally, it is possible in Samba to have some shares with encryption required and some other shares with encryption only desired, which
is not possible in Windows.
· Setting it to off or enabled for a share has no effect.
There is a small typo as follows:
These features can be "crontrolled" with settings of smb encrypt as
follows:
The content looks fine. Moving the BZ to Verified.the typo will be taken care next time.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1495.html |