Hi, trying to work out if smb signing can be setup on TrueNAS scale mainly and on what version? Did it work on core?
It’s already set up by default.
https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#SERVERSIGNING
Hi, I did a security scan of TrueNAS scale 23.10.2 and it came back with smbv2 signing not required, and marks it as a security issue. So it does look like it set.
Checked the manual for smb and it says ‘ By default, and when smb signing is set to default, smb signing is required when server role is active directory domain controller and disabled otherwise.’
So will only be set if your TrueNAS is a domain controller.
bool srv_init_signing(struct smbXsrv_connection *conn)
{
struct loadparm_context *lp_ctx = NULL;
bool ok = true;
lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers());
if (lp_ctx == NULL) {
DBG_DEBUG("loadparm_init_s3 failed\n");
return false;
}
/*
* For SMB2 all we need to know is if signing is mandatory.
* It is always allowed and desired, whatever the smb.conf says.
*/
(void)lpcfg_server_signing_allowed(lp_ctx, &conn->smb2.signing_mandatory);
#if defined(WITH_SMB1SERVER)
ok = smb1_srv_init_signing(lp_ctx, conn);
#endif
talloc_unlink(conn, lp_ctx);
return ok;
}
cf source3/smbd/smb2_signing.c