SMB3 encryption

I just upgraded to 26.0.0-BETA.1 and so far it’s looking good, no issues. I would like to require SMB encryption though. I see in the smb4.conf that “server smb encrypt = default”, which basically means “auto”. That is, the connection is encrypted if the client negotiates encryption. All my SMB clients support encryption and I’d like to require it so that if I’m using SMB3 QUIC over an Internet connection, the connection gets encrypted by default. I tried manually editing smb4.conf and changing encryption to “required”, but it reverts back to “default” when you restart the SMB service. I’ve tested two clients. The first is an Ubuntu client that I configured to force an encrypted mount, and this shows up in the TN session as encrypted, which is what I want. The second is a macOS Tahoe client: I mounted the share using the Finder, and it does not show an encrypted session in the TN UI. I know that macOS Tahoe would use encryption if it’s required by the server. It would be nice if one could configure this encryption setting in the TN SMB advanced options.

This may be covered by an open Feature Request already.

Thanks for the link, I added my two cents. BTW, in macOS Tahoe, you have to edit /etc/nsmb.conf and add these settings to force a signed and encrypted session:

[default]
signing_required=yes
protocol_vers_map=6
force_sess_encrypt=yes

Not ideal to have to edit this file on a bunch of macOS laptops. Better to have the SMB server require signing and encryption.
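Added example (not part of the thread, and not TrueNAS or Apple code): a small shell audit for checking across a fleet that a client's nsmb.conf carries the three [default] settings quoted in the post above. The function name check_nsmb, the finding format and the treatment of lines starting with # or ; as comments are assumptions of this example; the sample file is constructed.

```sh
#!/bin/sh
# check_nsmb FILE: print one finding per missing/wrong key, return 0 if compliant.
# Expected values are the ones quoted in the post; nothing else is checked.
check_nsmb() {
    conf=$1
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 1; }
    awk '
        BEGIN {
            want["signing_required"]   = "yes"
            want["protocol_vers_map"]  = "6"
            want["force_sess_encrypt"] = "yes"
        }
        { gsub(/^[ \t]+|[ \t]+$/, "") }        # trim the line
        /^[#;]/ { next }                       # assumed comment syntax
        /^\[.*\]$/ { section = tolower(substr($0, 2, length($0) - 2)); next }
        section == "default" && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            seen[key] = val                    # last assignment wins
        }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) { print "MISSING " k; bad = 1 }
                else if (seen[k] != want[k]) {
                    print "WRONG " k "=" seen[k] " (want " want[k] ")"; bad = 1
                }
            }
            exit bad
        }
    ' "$conf"
}

# Constructed sample: signing is set but session encryption is not forced.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[default]
signing_required=yes
protocol_vers_map=6
EOF
check_nsmb "$sample" || echo "non-compliant: $sample"
rm -f "$sample"
```

On a real client the argument would be /etc/nsmb.conf, the path given in the post.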

This is already exposed in the global configuration for the SMB server. Cf. documentation / UI

Oops, you’re right. I missed that!