Yes, if you want to force SMB encryption on all SMB shares. Do note that this is different than simply requiring signing "server signing = required". The latter is a global parameter, may be set under Services->SMB, and is most likely sufficient to address the "finding".
Well, placing "server smb encrypt = required" into any share's Auxiliary Parameters doesn't work. I can't save it. The error is:
-----------------------------------------
[EFAULT] net conf setparm [backup] failed with error: Unknown parameter encountered: "server smb encrypt" Invalid parameter 'server smb encrypt' given.
Error: Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 138, in call_method
result = await self.middleware._call(message['method'], serviceobj, methodobj, params, app=self,
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1213, in _call
return await methodobj(*prepared_call.args)
File "/usr/local/lib/python3.9/site-packages/middlewared/service.py", line 673, in update
rv = await super().update(app, id, data)
File "/usr/local/lib/python3.9/site-packages/middlewared/service.py", line 495, in update
rv = await self.middleware._call(
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1213, in _call
return await methodobj(*prepared_call.args)
File "/usr/local/lib/python3.9/site-packages/middlewared/schema.py", line 975, in nf
return await f(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/smb.py", line 973, in do_update
await self.middleware.call('sharing.smb.apply_conf_diff',
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1256, in call
return await self._call(
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1213, in _call
return await methodobj(*prepared_call.args)
File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/smb_/registry.py", line 227, in apply_conf_diff
return await self.apply_conf_registry(share, confdiff)
File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/smb_/registry.py", line 208, in apply_conf_registry
await self.reg_setparm(share, k, v)
File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/smb_/registry.py", line 106, in reg_setparm
return await self.netconf(action='setparm', share=share, args=[parm, value])
File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/smb_/registry.py", line 61, in netconf
raise CallError(
middlewared.service_exception.CallError: [EFAULT] net conf setparm [backup] failed with error: Unknown parameter encountered: "server smb encrypt"
Invalid parameter 'server smb encrypt' given.
-----------------------------------------
But anyway.... it's can't be a high risk if it's not implemented in this environment so I will ignore the "finding". It doesn't worth too much effort to put into it. Many thanks for all information you gave, and I really appreciate your help.