CIFS and SMB SIGNING

(Last modified: 26Jan2006)

This document (10100287) is provided subject to the disclaimer at the end of this document.

fact

Novell NetWare 6.5 sp4a

Windows Native File Access

symptom

CIFS and SMB SIGNING

fix

Support for SMB SIGNING has been added for NW 6.5 sp4a and later versions. Earlier versions of NW 6.5 still do not support SMB signing. NW 5.1 and NW 6.0 do not and never will support SMB signing.

Enabling and Disabling SMB Signing

SMB (or CIFS) signing is necessary to prevent "man-in-the-middle" attacks. It provides message authentication, which prevents active attacks on messages in transit. SMB signing provides this authentication by placing a digital signature into each SMB message. That digital signature is then verified by both the client and the server.
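
The signing and verification described above, as an added example that is not part of the original Novell document and is not NetWare code. It assumes the message signing scheme of the public CIFS (SMB1) protocol specification: the first 8 bytes of an MD5 hash over the session MAC key and the message, computed with a sequence number placed in the header's signature field. The key, message bytes and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

SIG_OFFSET = 14  # SecuritySignature field: bytes 14..21 of the 32-byte SMB1 header
SIG_LEN = 8

def _mac(mac_key: bytes, message: bytes, seq: int) -> bytes:
    """First 8 bytes of MD5(key || message), computed with the sequence
    number (4 bytes little-endian, then 4 zero bytes) in the signature field."""
    if len(message) < 32 or message[:4] != b"\xffSMB":
        raise ValueError("not an SMB1 message")
    staged = (message[:SIG_OFFSET] + struct.pack("<I", seq) + b"\x00" * 4
              + message[SIG_OFFSET + SIG_LEN:])
    return hashlib.md5(mac_key + staged).digest()[:SIG_LEN]

def sign(mac_key: bytes, message: bytes, seq: int) -> bytes:
    """Sender side: return the message with its signature field filled in."""
    sig = _mac(mac_key, message, seq)
    return message[:SIG_OFFSET] + sig + message[SIG_OFFSET + SIG_LEN:]

def verify(mac_key: bytes, message: bytes, seq: int) -> bool:
    """Receiver side: recompute the signature for the expected sequence number."""
    try:
        expected = _mac(mac_key, message, seq)
    except ValueError:
        return False
    return hmac.compare_digest(expected, message[SIG_OFFSET:SIG_OFFSET + SIG_LEN])

# Constructed sample data: a made-up key and a made-up SMB1 message.
KEY = bytes(range(16))
HEADER = struct.pack("<4sBIBHH8sHHHHH", b"\xffSMB", 0x2F, 0, 0x18, 0xC807, 0,
                     b"\x00" * 8, 0, 1, 0x1234, 0x0800, 7)
MESSAGE = HEADER + b"constructed payload: quarterly-report.doc"

def demo() -> dict:
    signed = sign(KEY, MESSAGE, seq=4)
    tampered = signed[:-3] + b"exe"          # payload changed in transit
    return {
        "intact": verify(KEY, signed, 4),     # accepted
        "tampered": verify(KEY, tampered, 4), # rejected: content changed
        "replayed": verify(KEY, signed, 6),   # rejected: wrong sequence number
        "unsigned": verify(KEY, MESSAGE, 4),  # rejected: signature field empty
    }

if __name__ == "__main__":
    print(demo())
```

Because the sequence number is part of the hashed data, a correctly signed message that is captured and sent again later fails verification as well.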

To use SMB signing, you must enable it on both the client and the server. If SMB signing is required on the server, clients cannot establish sessions with the server unless they have SMB signing enabled.

To enable SMB signing on a NetWare 6.5 SP4 server, enter the following command at the server console:

cifs signatures enable

SMB signing is disabled by default. If you have enabled SMB signing and want to disable it, enter the following command at the server console:

cifs signatures disable

After enabling SMB signing on your server, you can set it to either optional or mandatory mode. If SMB signing is set to optional mode (the default mode after enabling it) it automatically detects whether or not individual clients have SMB signing enabled. If a client does not have SMB signing enabled, the server does not use SMB signing for client communication. If a client has SMB signing enabled, the server uses SMB signing for client communication.

If you set SMB signing to mandatory mode, all clients must have SMB signing enabled or they won't be able to connect to the server.

To set SMB signing to mandatory mode after enabling it, enter the following command at the server console:

cifs signatures mandatory

If you have set SMB signing to mandatory and want to change it back to optional, enter the following command at the server console:

cifs signatures optional

IMPORTANT: After enabling or disabling SMB signing, or changing the mode to optional or mandatory, clients must reconnect in order for changes to take effect. For example, if you have enabled SMB signing on the server, SMB signing will not be in effect for individual clients until each of those clients reconnects.

document

Document Title: CIFS and SMB SIGNING
Document ID: 10100287
Solution ID: NOVL104956
Creation Date: 26Jan2006
Modified Date: 26Jan2006
Novell Product Class: Connectivity Products

disclaimer

The origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.