Home > Storage > PowerScale (Isilon) > Industry Solutions and Verticals > Media and Entertainment > PowerScale OneFS: macOS Client Performance and User Experience Optimization > SMB session signing
SMB3 introduces security enhancements that help prevent man-in-the-middle attacks during the initiation of an SMB client connection to an SMB server. SMB session Signing is different from SMB signing which adds a digital signature to each packet. SMB session signing can be described to protect an SMB session from being tampering with as it commences. When macOS client systems are bound anonymously to a directory server, SMB session signing may cause authentication errors when a system tries to connect to an SMB share.
In situations where proper network credentials are not working from macOS systems running version 10.13+, disabling SMB session signing may resolve the issue. As with disabling SMB signing, disabling SMB session signing reduces the security of an SMB connection and is recommended on systems running on private, secure networks.
Apple describes session signing and how to disable it in the support article If you can't mount SMB share hosted by a Mac bound to Open Directory.
Add the following line to the /etc/nsmb.conf file:
validate_neg_off=yes
After updating /etc/nsmb.conf, unmount and remount SMB shares from the macOS system for the changes to take effect.