Bug 1237085
Summary: | SMB: smb3 encryption doesn't happen when smb encrypt is set to enabled for global and for share | ||
---|---|---|---|
Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | surabhi <sbhaloth> |
Component: | samba | Assignee: | Michael Adam <madam> |
Status: | CLOSED ERRATA | QA Contact: | surabhi <sbhaloth> |
Severity: | urgent | Docs Contact: | |
Priority: | high | ||
Version: | rhgs-3.1 | CC: | asrivast, gdeschner, ira, jarrpa, madam, nlevinki, nsathyan, rcyriac, vagarwal |
Target Milestone: | --- | ||
Target Release: | RHGS 3.1.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | samba-4.1.17-10 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-07-29 05:08:43 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1202842 |
Description
surabhi
2015-06-30 10:41:49 UTC
With the latest samba build : samba-winbind-4.1.17-12.el7rhgs.x86_64 samba-client-4.1.17-12.el7rhgs.x86_64 samba-vfs-glusterfs-4.1.17-12.el7rhgs.x86_64 samba-winbind-modules-4.1.17-12.el7rhgs.x86_64 samba-common-4.1.17-12.el7rhgs.x86_64 samba-winbind-clients-4.1.17-12.el7rhgs.x86_64 samba-libs-4.1.17-12.el7rhgs.x86_64 samba-4.1.17-12.el7rhgs.x86_64 The new value "desired" has been added for smb encrypt global and share option. Verified following cases, works as expected. 1. Setting global and share to default: During negotiation : Server and client announces it supports encryption Session setup and tree connect : No SMB3 data encryption happens as expected. 2. Setting global to enabled : During negotiation : Server and client announces it supports encryption. Session setup and tree connect : No encryption happens as expected. 3. Setting global to Desired : From win 8 client During Negotiation : Server and client announces it supports encryption Session setup : The flag encryption required is TRUE and SMB3 encryption happens. From win7 client: Share is still accessible No SMB3 encryption 4. Setting global as enabled: Share 1 : desired Share 2 : default From win 8 client: For share 1 the smb3 data encryption shall happen. Result : During negotiation, both client and server announces it supports encryption During session req and response , the encryption required flag is true , so SMB3 encryption happens for share 1. For share 2 during negotiation, only announcement happens and no SMB3 data encryption. From win 7 client : Share is still accessible No SMB3 encryption 5. Setting global as desired : Share 1 : Required Share 2 : default (desired) Share 1: From Win8 client: Result: During negotiation both client and server announces it supports encryption. During session req and response , the encryption flag is set to TRUE so SMB3 encryption happens for share 1. For share 2 during negotiation , announcement happens and the encryption flag is set to true in session response, SMB3 encryption happens. From Win7 client: For share 1 : since the value is set to required, the client gets access denied. For share 2 : Client able to access , No SMB3 encryption. Moving the BZ to verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1495.html |