SMB Signing has been enabled by default by Apple dating back since the release of OS X 10.11.5 (15F34).
SMB Signing digitally signs at the packet level of the SMB communication. This enables the receiver of the packets to confirm the point of origination and it’s authenticity. This security mechanism helps avoid issues like tampering and “man in the middle” attacks. As long as you're on a secure network, this should not be an issue. In addition, this causes slow performance and will not allow you to connect via SMB to the NAS Gateway. We also recommend you to disable SMB signing on clients that access a Vess R2600 to gain better performance on your macOS 10.11.5 - 10.13.3 clients.
In macOS 10.13.4 and later, packet signing is off by default. Packet signing for SMB 2 or SMB 3 connections turns on automatically when needed if the server offers it. The instructions in this article apply to macOS 10.13.3 and earlier.
- Unable to mount volume using the SMB protocol with the NAS Gateway G1100.
- Authentication rejected with Internal and External LDAP users and only cifs:// allows mount and authentication.
- Slow performance via SMB with the Vess R2000 series.
To disable SMB signing which is enabled by default on macOS versions 10.11.5 -10.13.3, execute the instructions below by creating a nsmb.conf file:
echo "[default]" >> /etc/nsmb.conf
echo signing_required=no >> /etc/nsmb.conf
#Display stats for a specific SMB share
smbutil statshares -m /Volumes/SMB_Volume_Name
#Display stats on all mounted SMB shares
smbutil statshares -a
SHARE ATTRIBUTE TYPE VALUE
If the SIGNING_ON variable is still outputted via
smbutil statshares -a,
that means it's still enabled.
This variable should not show up after you have disabled SMB signing.
Article from Apple (HT205926)
Turn off packet signing for SMB 2 and SMB 3 connections
Contact Promise Technology Support
Promise Technology Technical Support >