David Smith
2006-Jan-17 23:15 UTC
[Samba] Must digital signing be disable when connecting to W2K3 SP1 share?
Is there a more elegant way to do the following without disabling digital signing? What if I have an app requiring digital signing I need to connect to the W2K3 in the future? For explanation have the following; 1. Linux server running Samba 2.2.8a 2. Linux server running Samba 3.0.10 3. Window 2003 Server Standard SP1, not running Active Directory or as domain controller. 4. Windows XP Pro Workstation Both Windows systems have shared folders, and there is no PDC. The first Linux box running Samba2 has no problem mounting the shares on either Windows system. The second one running Samba3 has no problem with the XP system, but is only able to view the share contents if BOTH of the following Group Policy settings are DISABLED. Microsoft network server: Digitally sign communications (always) Microsoft network server: Digitally sign communications (if client agrees) Otherwise, and "ls" command returns "Permission denied". I understand this to be the solution offered to others in the past, but if I understand the specs correctly, the current samba should support digital signing. Since the second policy (if client agrees) causes the problem as well, it would appear that the samba3 box tries to but cannot satify the W2K3 server. FYI, I updated to 3.0.21a with no change in behavior. For test purposes this is how I'm mounting the shares; # /bin/mkdir -p /mnt/test1 # /bin/mount -t smbfs -o username=$Username,password=$Password $Destination /mnt/test1 I'm sure there are other tin-foil-hat types like myself who hesitate when disabling various things in group policy. Ideas anyone? Thanks, Dave
Jeremy Allison
2006-Jan-17 23:25 UTC
[Samba] Must digital signing be disable when connecting to W2K3 SP1 share?
On Tue, Jan 17, 2006 at 06:15:13PM -0500, David Smith wrote:> Is there a more elegant way to do the following without disabling digital > signing? What if I have an app requiring digital signing I need to connect > to the W2K3 in the future? > > For explanation have the following; > > 1. Linux server running Samba 2.2.8a > 2. Linux server running Samba 3.0.10 > 3. Window 2003 Server Standard SP1, not running Active Directory or as > domain controller. > 4. Windows XP Pro Workstation > > Both Windows systems have shared folders, and there is no PDC. The first > Linux box running Samba2 has no problem mounting the shares on either > Windows system. The second one running Samba3 has no problem with the XP > system, but is only able to view the share contents if BOTH of the following > Group Policy settings are DISABLED. > > Microsoft network server: Digitally sign communications (always) > Microsoft network server: Digitally sign communications (if client agrees) > > Otherwise, and "ls" command returns "Permission denied". I understand this > to be the solution offered to others in the past, but if I understand the > specs correctly, the current samba should support digital signing. Since > the second policy (if client agrees) causes the problem as well, it would > appear that the samba3 box tries to but cannot satify the W2K3 server. FYI, > I updated to 3.0.21a with no change in behavior. > > For test purposes this is how I'm mounting the shares; > > # /bin/mkdir -p /mnt/test1 > # /bin/mount -t smbfs -o username=$Username,password=$Password $Destination > /mnt/test1 > > I'm sure there are other tin-foil-hat types like myself who hesitate when > disabling various things in group policy. Ideas anyone?smbfs doesn't support digital signing. Use CIFSFS. That's the problem. Jeremy.