The smb.conf manual page needs to be updated! It refers to the old Samba-specific encryption mechanism that applies to SMB1 only and is done via unix extensions. This can be used by smbclient
.
Nowadays, the “smb encrypt
” options also controls the SMB-level encryption that is part of SMB version 3.0 and newer. Windows 8 (and newer) clients should encrypt traffic with these settings.
Have you tried to use the same settings (smb encrypt = mandatory
in the [global]
section) on a Samba domain member or standalone server?
Make sure to set smb encrypt = auto
in [global]
section (not the [profiles]
section). Then the general availability of encryption is still announced.
It is very possible that this is a bug in Samba. So this should probably be discussed on samba’s samba-technial mailing list or samba’s bugzilla. If you’re using the Ubuntu version of Samba then you might also want to check the package page. I suspect that this a genuine Samba upstream issue.