Bug 1237085
| Summary: | SMB: smb3 encryption doesn't happen when smb encrypt is set to enabled for global and for share | ||
|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | surabhi <sbhaloth> |
| Component: | samba | Assignee: | Michael Adam <madam> |
| Status: | CLOSED ERRATA | QA Contact: | surabhi <sbhaloth> |
| Severity: | urgent | Docs Contact: | |
| Priority: | high | ||
| Version: | rhgs-3.1 | CC: | asrivast, gdeschner, ira, jarrpa, madam, nlevinki, nsathyan, rcyriac, vagarwal |
| Target Milestone: | --- | ||
| Target Release: | RHGS 3.1.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | samba-4.1.17-10 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-07-29 05:08:43 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1202842 | ||
|
Description
surabhi
2015-06-30 10:41:49 UTC
With the latest samba build :
samba-winbind-4.1.17-12.el7rhgs.x86_64
samba-client-4.1.17-12.el7rhgs.x86_64
samba-vfs-glusterfs-4.1.17-12.el7rhgs.x86_64
samba-winbind-modules-4.1.17-12.el7rhgs.x86_64
samba-common-4.1.17-12.el7rhgs.x86_64
samba-winbind-clients-4.1.17-12.el7rhgs.x86_64
samba-libs-4.1.17-12.el7rhgs.x86_64
samba-4.1.17-12.el7rhgs.x86_64
The new value "desired" has been added for smb encrypt global and share option.
Verified following cases, works as expected.
1. Setting global and share to default:
During negotiation : Server and client announces it supports encryption
Session setup and tree connect : No SMB3 data encryption happens as expected.
2. Setting global to enabled :
During negotiation : Server and client announces it supports encryption.
Session setup and tree connect : No encryption happens as expected.
3. Setting global to Desired :
From win 8 client
During Negotiation : Server and client announces it supports encryption
Session setup : The flag encryption required is TRUE and SMB3 encryption happens.
From win7 client:
Share is still accessible
No SMB3 encryption
4. Setting global as enabled:
Share 1 : desired
Share 2 : default
From win 8 client:
For share 1 the smb3 data encryption shall happen.
Result : During negotiation, both client and server announces it supports encryption
During session req and response , the encryption required flag is true , so SMB3 encryption happens for share 1.
For share 2 during negotiation, only announcement happens and no SMB3 data encryption.
From win 7 client :
Share is still accessible
No SMB3 encryption
5. Setting global as desired :
Share 1 : Required
Share 2 : default (desired)
Share 1:
From Win8 client:
Result: During negotiation both client and server announces it supports encryption.
During session req and response , the encryption flag is set to TRUE so SMB3 encryption happens for share 1.
For share 2 during negotiation , announcement happens and the encryption flag is set to true in session response, SMB3 encryption happens.
From Win7 client:
For share 1 : since the value is set to required, the client gets access denied.
For share 2 : Client able to access , No SMB3 encryption.
Moving the BZ to verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1495.html |