Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NAS-129763 / 24.10 / Expose ability for users to configure SMB encryption behavior #13937

Merged
merged 2 commits into from
Jun 27, 2024
Merged

NAS-129763 / 24.10 / Expose ability for users to configure SMB encryption behavior #13937

merged 2 commits into from
Jun 27, 2024

Conversation

anodos325
Copy link
Contributor

@anodos325 anodos325 commented Jun 26, 2024
edited
Loading

This commit adds a new SMB server global parameter for SMB transport encryption. It exposes 4 options:

DEFAULT -- follow upstream / truenas default (reflected as a null in db) -- currently NEGOTIATE
NEGOTIATE -- only encrypt transport if explicitly requested by the SMB client
DESIRED -- encrypt transport if supported by client during session negotiation.
REQUIRED -- always encrypt transport (rejecting access if client does not support encryption -- incompatible with SMB1 server).

@anodos325 anodos325 added the jira label Jun 26, 2024
@bugclerk bugclerk changed the title Expose ability for users to enable SMB encryption NAS-129763 / 24.10 / Expose ability for users to enable SMB encryption Jun 26, 2024
@bugclerk
Copy link
Contributor

Jira URL: https://ixsystems.atlassian.net/browse/NAS-129763

@anodos325 anodos325 changed the title NAS-129763 / 24.10 / Expose ability for users to enable SMB encryption NAS-129763 / 24.10 / Expose ability for users to configure SMB encryption behavior Jun 26, 2024
@anodos325 anodos325 force-pushed the add-smb-encryption branch from 6e0bac5 to d40e946 Compare June 26, 2024 20:29
@anodos325
Expose ability for users to enable SMB encryption
abc9d9d 
This commit adds a new SMB server global parameter for SMB
transport encryption. It exposes 4 options:

DEFAULT -- follow upstream / truenas default (reflected as a null
in db)

NEGOTIATE -- only encrypt transport if explicitly requested by
the SMB client

DESIRED -- encrypt transport if supported by client during
session negotiation.

REQURIED -- always encrypt transport (rejecting access if client
does not support encryption -- incompatible with SMB1 server).
@anodos325 anodos325 force-pushed the add-smb-encryption branch from 75fb991 to abc9d9d Compare June 27, 2024 19:41
@anodos325 anodos325 merged commit cadaee7 into master Jun 27, 2024
2 of 3 checks passed
@anodos325 anodos325 deleted the add-smb-encryption branch June 27, 2024 20:15
@bugclerk
Copy link
Contributor

This PR has been merged and conversations have been locked.
If you would like to discuss more about this issue please use our forums or raise a Jira ticket.

@truenas truenas locked as resolved and limited conversation to collaborators Jun 27, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bmeagherix bmeagherix bmeagherix approved these changes

@mgrimesix mgrimesix mgrimesix approved these changes

Assignees
No one assigned
Labels
no-time-tracked
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@anodos325 @bugclerk @bmeagherix @mgrimesix