To enable smb encryption in the first place you need to set the correct variables. Add the following to the global section on your smb.conf configuration file.
server signing = mandatory smb encrypt = mandatory oplocks = no
This forces server signing and encryption of all data across the server. The last variable disables oplocks in order to allow you to stream encrypted video. This does however cause a performance drop as oplocks allow the client to preload/cache data that will be accessed in the future.
That’s it, as long as you are using a samba server/client that is version 3.2+ it should work out of the box from there.
P.S. If you really want to see if it’s working, download Wireshark and watch for SMB2 protocol packets, without encryption they display information about the files you’re accessing, but with encryption they look like this:
