On Wed, 28 May 2025 18:25:50 +0200
Stefan Kania via samba <samba at lists.samba.org> wrote:
> Hello to all,
>
> I configured a samba Server as followed:
> ---------------
> [global]
> bind interfaces only = Yes
> client signing = required
> disable netbios = Yes
> interfaces = 192.168.56.45
> realm = EXAMPLE.NET
> security = ADS
> server min protocol = SMB3
> server signing = required
> smb ports = 445
> template shell = /bin/bash
> winbind refresh tickets = Yes
> winbind use default domain = Yes
> workgroup = EXAMPLE
> idmap config example : range = 1000000 - 1999999
> idmap config example : backend = rid
> idmap config * : range = 10000 - 19999
> idmap config * : backend = tdb
> inherit acls = Yes
> vfs objects = acl_xattr
> ---------------
>
> So server- ad client-signing is required. If I test with nmap I see:
> ----------------
> nmap --script smb2-security-mode 192.168.56.45
> Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-05-28 18:20 CEST
> Nmap scan report for 192.168.56.45
> Host is up (0.00010s latency).
> Not shown: 998 closed tcp ports (reset)
> PORT STATE SERVICE
> 22/tcp open ssh
> 445/tcp open microsoft-ds
> MAC Address: 08:00:27:40:0A:20 (Oracle VirtualBox virtual NIC)
>
> Host script results:
> | smb2-security-mode:
> | 3:1:1:
> |_ Message signing enabled but not required
>
> Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds
> ----------------
> I expected that signing is shown as required?
> What do I have to do, that signing is required?
ER, read 'man smb.conf' where 'server signing' shows that
'required' is
not a valid value.
Rowland