According to the MS-SMB2 specifications:
From Section 3.2.5.2:
If the SecurityMode field in the SMB2 header of the response has the SMB2_NEGOTIATE_SIGNING_REQUIRED bit set, the client MUST set Connection.RequireSigning to TRUE
From Section 3.2.5.3.1:
If the global setting RequireMessageSigning is set to TRUE or Connection.RequireSigning is set to TRUE then Session.SigningRequired MUST be set to TRUE, otherwise Session.SigningRequired MUST be set to FALSE
From Section 3.2.5.3.1:
If the SMB2_SESSION_FLAG_IS_GUEST bit is set in the SessionFlags field of the SMB2 SESSION_SETUP Response and if Session.SigningRequired is TRUE, this indicates a SESSION_SETUP failure and the connection MUST be terminated.
However, when a Windows 7 client communicates with Microsoft Windows Server 2019 Standard build 10.0.17763 I am witnessing the following during a client-server session:
- The SecurityMode field in the SMB2 header of the response has the SMB2_NEGOTIATE_SIGNING_REQUIRED bit set.
- the SMB2_SESSION_FLAG_IS_GUEST bit is set in the SessionFlags field of the SMB2 SESSION_SETUP Response.
- The subsequent TreeConnect request is not signed.
I can provide packet capture (please specify an email to send to)
I would like to get clarifications regarding this behavior and how does it align with the specifications quoted above. Thank you!