Description of problem: ********************************** smb.conf man page for the latest samba package is not updated for smb encrypt details. Need updated man page as it would help customers to use smb encrypt options appropriately. Version-Release number of selected component (if applicable): samba-4.1.17-7.el7rhgs.x86_64 How reproducible: Always Steps to Reproduce: 1. Refer man page for smb.conf in latest samba package for smb encrypt. 2. It doesn't mention the enabled option and details for smb encrypt. 3. Actual results: man page for smb.conf is not updated with smb encrypt details option "enabled" is not present. Expected results: smb.conf man page should be updated for all options of smb encrypt . Additional info:
Patch has been proposed upstream and is currently being discussed.
With samba build : samba-winbind-4.1.17-12.el7rhgs.x86_64 samba-client-4.1.17-12.el7rhgs.x86_64 samba-vfs-glusterfs-4.1.17-12.el7rhgs.x86_64 samba-winbind-modules-4.1.17-12.el7rhgs.x86_64 samba-common-4.1.17-12.el7rhgs.x86_64 samba-winbind-clients-4.1.17-12.el7rhgs.x86_64 samba-libs-4.1.17-12.el7rhgs.x86_64 samba-4.1.17-12.el7rhgs.x86_64 man page for smb.conf has been updated with the smb encrypt options and details.\ tested and verified teh options available. · Leaving it as default, explicitly setting default, or setting it to enabled globally will enable negotiation of encryption but will not turn on data encryption globally or per share. · Setting it to desired globally will enable negotiation and will turn on data encryption on sessions and share connections for those clients that support it. · Setting it to required globally will enable negotiation and turn on data encryption on sessions and share connections. Clients that do not support encryption will be denied access to the server. · Setting it to off globally will completely disable the encryption feature. · Setting it to desired on a share will turn on data encryption for this share for clients that support encryption if negotiation has been enabled globally. · Setting it to required on a share will enforce data encryption for this share if negotiation has been enabled globally. I.e. clients that do not support encryption will be denied access to the share. Note that this allows per-share enforcing to be controlled in Samba differently from Windows: In Windows, RejectUnencryptedAccess is a global setting, and if it is set, all shares with data encryption turned on are automatically enforcing encryption. In order to achieve the same effect in Samba, one has to globally set smb encrypt to enabled, and then set all shares that should be encrypted to required. Additionally, it is possible in Samba to have some shares with encryption required and some other shares with encryption only desired, which is not possible in Windows. · Setting it to off or enabled for a share has no effect. There is a small typo as follows: These features can be "crontrolled" with settings of smb encrypt as follows: The content looks fine. Moving the BZ to Verified.the typo will be taken care next time.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1495.html