Samba, every time I’ve said
“Not going to write about Samba”,
like a dog returning to it’s … food …, I return to issues with Samba.
To recap, I written about the following Samba issues
Samba file copy performance
Samba causing Windows account lockouts
Samba file deletion issues
Samba & clear text passwords
Today’s post? Samba & SMB Signing.
“SMB Signing is a feature through which communications using SMB can be digitally signed at the packet level. Digitally signing the packets enables the recipient of the packets to confirm their point of origination and their authenticity. This security mechanism in the SMB protocol helps avoid issues like tampering of packets and “man in the middle” attacks.”
So from a security perspective, SMB Signing is a good thing.
So I enabled it.
And the calls rolled in from our band of test users. “We can’t connect to our network drives.”. Yes, Samba was involved.
In one case, a Samba based server, which went end of support in 2006, and in the words of the customer “It just works. We’ve never needed to touch it.”. Was one of the servers which the customer couldn’t connect to.
3 months later, I’m going to have another crack at enabling SMB Signing. This time we’ll enable for everyone, and exclude individual PCs on an exception basis.
We’ll cover most of our corporate network & get most of the SMB Signing security benefits from this approach.
The Basics of SMB Signing (covering both SMB1 and SMB2)