samba - Aug 2024 - SMBStatus says Partial for Signing

Does anyone have any insight into what may cause smbstatus to report that
the signing is only partial?  Specifically the top section of the output
that has PID, Username, Group, Machine, Protocol Version, Encryption,
Signing.  Most connections show AES-128-CMAC but some show partial
(AES-128-CMAC).  I played the highlight game and the different PCs and
users are all in the same OUs as others who do NOT have the "partial"
text
so I do not believe a GPO could be causing the issue.  SMB3_11 is the
protocol used & Win 10  (Pro) systems. 90% of systems are normal...just a
few report the partial issue.

No issues with client access...  Just wanted to see if I could understand
this since.

*Relevant Settings*
server smb3 signing algorithms = AES-128-GMAC, AES-128-CMAC, HMAC-SHA256
server smb encrypt = default

On Fri, 9 Aug 2024 16:27:38 -0500
E R via samba <samba at lists.samba.org> wrote:
> Does anyone have any insight into what may cause smbstatus to report
> that the signing is only partial?  Specifically the top section of
> the output that has PID, Username, Group, Machine, Protocol Version,
> Encryption, Signing.  Most connections show AES-128-CMAC but some
> show partial (AES-128-CMAC).  I played the highlight game and the
> different PCs and users are all in the same OUs as others who do NOT
> have the "partial" text so I do not believe a GPO could be
causing
> the issue.  SMB3_11 is the protocol used & Win 10  (Pro) systems. 90%
> of systems are normal...just a few report the partial issue.
> 
> No issues with client access...  Just wanted to see if I could
> understand this since.
> 
> *Relevant Settings*
> server smb3 signing algorithms = AES-128-GMAC, AES-128-CMAC,
> HMAC-SHA256 server smb encrypt = default
If most of your clients work okay, but a few don't, then I would look
at the clients that don't, the 'data' isn't changing, perhaps it
the
way the few clients ask for the data that is different.

Rowland