enable encryption

Question

enable encryption

Closed this issue a year ago · 2 comments

Hi, some online reading suggests that SMB traffic should be encrypted.
Two questions:

Is this a good idea?
If so, how?

SO suggests something like this:

[global]
   # smb v4.14 and later
   server signing = mandatory
   server min protocol = SMB3
   server smb encrypt = required
   # smb v4.13 or earlier
   smb encrypt = required

Below is the content of /etc/samba/smb.conf in my samba container.
I guess I could mount /etc/samba as volume and then edit the content.
Is this the recommended approach?
Thank you for this container btw.

[global]
   server role = standalone server
   log file = /dev/stdout
   dns proxy = no 

   # password stuff
   passdb backend = smbpasswd

   obey pam restrictions = yes
   security = user
   printcap name = /dev/null
   load printers = no
   dns proxy = no
   wide links = yes
   follow symlinks = yes
   unix extensions = no
   acl allow execute always = yes

   # MacOS Compatibility options
   vfs objects = catia fruit streams_xattr

   # Special configuration for Apple's Time Machine
   fruit:model = TimeCapsule
   fruit:aapl = yes

   # Docker Envs global config options
   log level = 1
   workgroup = WORKGROUP
   server string = Samba Server
   map to guest = Bad User

[share]
 path=/shares/share
 ...

Answer 1 · 2024-05-06T11:09:53.000Z

Take a look at the readme, there you'll see how to set global options

your example:

SAMBA_GLOBAL_STANZA=server signing = mandatory; server min protocol = SMB3; server smb encrypt = required; smb encrypt = required

Answer 2 · 2024-05-17T11:39:17.000Z

thank you!