Packet
signing can prevent man-in-the-middle attacks which modify SMB packets in
transit. SMB Signing is a feature through which communications using SMB can be
digitally signed at the packet level. Digitally signing the packets enables the
recipient of the packets to confirm their point of origination and their
authenticity.
Verification:
To
verify that Samba clients running smbclient must use packet signing, run the
following command:
[root@linuxcnf ~]# grep
signing /etc/samba/smb.conf
client signing =
mandatory
|
The
command output should show as above, if it is not, means smb signing is
disabled.
Enable smb clients signing:
To
require samba clients running smbclient to use packet signing, use the below
settings:
[root@linuxcnf ~]#vi
/etc/samba/smb.conf
|
Add
the following to the global section of the Samba configuration file:
client signing =
mandatory
|
No comments:
Post a Comment