Linux: Guide to setting up encryption for Samba
For people running a Samba file server, make sure the following is not a security issue. As you might know, encryption = better privacy (until someone decrypts it), and that is something that Wireshark allowed me to see on my network.
The following command will output the version of Samba running on the server.
smbd -V
Using this information, choose one of the below matching your Samba version, open smb.conf in text editor,
and add the lines to the [global] section. The location of the file should be "/etc/samba/smb.conf".
For Samba v4.14 and later, add the following lines to the [global] section.
[global]
server signing = mandatory
server min protocol = SMB3
server smb encryption = mandatory
For Samba v4.13 and earlier, add the following lines to the [global] section.
[global]
smb encrypt = required
Once you have made the correct changes, saved, and restarted your Samba services, your file-request messages should now be encrypted, as in the following screenshot.
Now as you can see the messages are encrypted using the SMB3 protocol. This overall result is much better and should be enabled by default. Even if you are the only user who can see this traffic in a place like home, encryption should still be used, since I do not trust software, neither should you.