Enable SMB signing in Linux
To enable SMB signing in Linux, you need to make changes to your Samba configuration, which is the software suite that provides SMB/CIFS services. SMB signing helps ensure the integrity and authenticity of data transferred over the network. Here’s a guide on how to enable SMB signing in Linux:
It’s always very important to make a backup before changing the configuration files.
- Backup your smb.conf file:
It’s essential to create a backup of your Samba configuration file before making any changes:
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.bak2. Edit the smb.conf file:
Open the Samba configuration file (`smb.conf`) in your preferred text editor. You’ll need superuser privileges to do this:
sudo nano /etc/samba/smb.conf3. Locate the global section:
In the `smb.conf` file, find the `[global]` section. This is where you’ll configure global settings for your Samba server.
4. Add or modify the following parameters to enable SMB signing:
server signing = autoThis option enables SMB signing. It’s set to “auto” by default, which means that SMB signing is enabled if the client requests it. You can set it to “mandatory” to enforce SMB signing on all connections.
client signing = autoSimilar to `server signing`, this option enables SMB signing on the client side. You can set it to “mandatory” if you want to enforce SMB signing on the client.
Example:
[global]
server signing = mandatory
client signing = mandatory
5. Save the smb.conf file and exit the text editor.
6. Restart the Samba service to apply the changes:
sudo service smbd restart # For Upstart-based systems
sudo systemctl restart smbd # For systemd-based systemsSMB signing should now be enabled on your Linux Samba server, and it will require signing for all client connections. Please note that enabling SMB signing may cause a slight increase in CPU usage due to the cryptographic operations involved. Additionally, ensure that your SMB clients support SMB signing, as older or non-Windows clients might not handle this feature well.