diff options
Diffstat (limited to 'docs-xml/smbdotconf/security/serversigning.xml')
-rw-r--r-- | docs-xml/smbdotconf/security/serversigning.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/serversigning.xml b/docs-xml/smbdotconf/security/serversigning.xml new file mode 100644 index 0000000..0b7755a --- /dev/null +++ b/docs-xml/smbdotconf/security/serversigning.xml @@ -0,0 +1,29 @@ +<samba:parameter name="server signing" + context="G" + type="enum" + enumlist="enum_smb_signing_vals" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + + <para>This controls whether the client is allowed or required to use SMB1 and SMB2 signing. Possible values + are <emphasis>default</emphasis>, <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis> + and <emphasis>disabled</emphasis>. + </para> + + <para>By default, and when smb signing is set to + <emphasis>default</emphasis>, smb signing is required when + <smbconfoption name="server role"/> is <emphasis>active directory + domain controller</emphasis> and disabled otherwise.</para> + + <para>When set to auto, SMB1 signing is offered, but not enforced. + When set to mandatory, SMB1 signing is required and if set + to disabled, SMB signing is not offered either.</para> + + <para>For the SMB2 protocol, by design, signing cannot be disabled. In the case + where SMB2 is negotiated, if this parameter is set to <emphasis>disabled</emphasis>, + it will be treated as <emphasis>auto</emphasis>. Setting it to <emphasis>mandatory</emphasis> + will still require SMB2 clients to use signing.</para> +</description> + +<value type="default">default</value> +</samba:parameter> |