[Samba] Connection fails with Server/Client Signing = Mandatory

hceuterpe at gmail.com hceuterpe at gmail.com
Mon Oct 1 11:04:05 MDT 2012 

Do you have the right security packages and installed?  I want to say this
needs OpenSSL
On Oct 1, 2012 11:50 AM, "Bill Chockla" <chockla at us.ibm.com> wrote:

> Changing the client and server "Digitally sign communications (always)"
> to "Enabled" and "Microsoft network client: Send unencrypted password to
> third-party SMB servers" to "Disabled" gets the error, "Not authorized to
> log in from this station" (error 1240).
>
> I then switched "Send unencrypted password to third-party SMB servers"
> back to "Enabled" which Microsoft recommends for error 1240 and I get the
> old error 64.
>
> Searching for other configuration possibilities for the error 1240.
>
> ----- Forwarded by Bill Chockla/Durham/Contr/IBM on 10/01/2012 07:42 AM
>  -----
>
> From: "hceuterpe at gmail.com" <hceuterpe at gmail.com>
> To: Bill Chockla/Durham/Contr/IBM at IBMUS,
> Cc: samba at samba.org
> Date: 09/28/2012 08:35 PM
> Subject: Re: [Samba] Fw: Connection fails with Server/Client Signing =
> Mandatory
> ------------------------------
>
>
>
> One more thing to add:
> I'm pretty sure you cannot force signing and still send unencrypted
> passwords to third party SMB servers (which Samba is):
> Microsoft network client: Send unencrypted password to third-party SMB
> servers Enabled
> Otherwise that also seems to conflict...
>
> On Sep 26, 2012 11:06 AM, "Bill Chockla" <*chockla at us.ibm.com*<chockla at us.ibm.com>>
> wrote:
>
>
>
>    Hello,
>    Has anyone had a chance to review this question?
>    Thank you,
>    Bill
>
>    ----- Forwarded by Bill Chockla/Durham/Contr/IBM on 09/26/2012 10:04 AM
>    -----
>
>    From:   Bill Chockla/Durham/Contr/IBM
>    To:     *samba at samba.org* <samba at samba.org>,
>    Date:   09/10/2012 12:52 PM
>    Subject:        Connection fails with Server/Client Signing = Mandatory
>
>
>    Hello,
>    When I add "server signing = mandatory" to my smb.conf file (AIX V6.1,
>    6100-04-11-1140 running Samba v3.6.5) that has "encrypt passwords =
>    no", my
>    windows client no longer can connect. It fails with system error 64.
>
>    The windows system is running XP vers 2002 with service pack 3. The
>    security settings are set to:
>            Microsoft network client: Digitally sign communications
>    (always)
>                    Disabled
>            Microsoft network client: Digitally sign communications (if
>    server
>    agrees)                 Enabled
>            Microsoft network client: Send unencrypted password to
>    third-party
>    SMB servers             Enabled
>            Microsoft network server: Amount of idle time required before
>    suspending session      15 minutes
>            Microsoft network server: Digitally sign communications
>    (always)
>                    Disabled
>            Microsoft network server: Digitally sign communications (if
>    client
>    agrees)                 Disabled
>            Microsoft network server: Disconnect clients when logon hours
>    expire
>                    Enabled
>
>    Like wise, when I add "server signing = mandatory" to my smb.conf file
>    that
>    has "encrypt passwords = yes" (and "passdb backend = smbpasswd" with
>    valid
>    id/password in the smbpasswd file), my AIX client no longer can
>    connect.
>
>    I have added "client signing = mandatory" to smb.conf also and get the
>    same
>    results (unencrypted: windows clients cannot connect. encrypted: aix
>    clients cannot connect).
>
>    Are there any known problems in v3.6.5 related to these connection
>    problems? Are there any fixes in newer releases?
>
>    I have logs with debug level 5 for the connection problem sequences if
>    someone needs that information. I can ftp them if someone can give me
>    an
>    ftp site, id/password.
>    Thank you in advance for your help!
>    Bill Chockla
>    --
>    To unsubscribe from this list go to the following URL and read the
>    instructions:  *https://lists.samba.org/mailman/options/samba*<https://lists.samba.org/mailman/options/samba>
>
> ----- Forwarded by Bill Chockla/Durham/Contr/IBM on 10/01/2012 07:42 AM
>  -----
>
> From: "hceuterpe at gmail.com" <hceuterpe at gmail.com>
> To: Bill Chockla/Durham/Contr/IBM at IBMUS,
> Cc: samba at samba.org
> Date: 09/28/2012 08:31 PM
> Subject: Re: [Samba] Fw: Connection fails with Server/Client Signing =
> Mandatory
> ------------------------------
>
>
>
> I see an issue with this line
> Microsoft network client: Digitally sign communications (always) Disabled
> Set both that and the network server policy as enabled and see what
> happens. Setting that as disabled only makes sense if the samba setting is
> still set to auto. Otherwise, it appears conflicting.
>
> On Sep 26, 2012 11:06 AM, "Bill Chockla" <*chockla at us.ibm.com*<chockla at us.ibm.com>>
> wrote:
>
>
>
>    Hello,
>    Has anyone had a chance to review this question?
>    Thank you,
>    Bill
>
>    ----- Forwarded by Bill Chockla/Durham/Contr/IBM on 09/26/2012 10:04 AM
>    -----
>
>    From:   Bill Chockla/Durham/Contr/IBM
>    To:     *samba at samba.org* <samba at samba.org>,
>    Date:   09/10/2012 12:52 PM
>    Subject:        Connection fails with Server/Client Signing = Mandatory
>
>
>    Hello,
>    When I add "server signing = mandatory" to my smb.conf file (AIX V6.1,
>    6100-04-11-1140 running Samba v3.6.5) that has "encrypt passwords =
>    no", my
>    windows client no longer can connect. It fails with system error 64.
>
>    The windows system is running XP vers 2002 with service pack 3. The
>    security settings are set to:
>            Microsoft network client: Digitally sign communications
>    (always)
>                    Disabled
>            Microsoft network client: Digitally sign communications (if
>    server
>    agrees)                 Enabled
>            Microsoft network client: Send unencrypted password to
>    third-party
>    SMB servers             Enabled
>            Microsoft network server: Amount of idle time required before
>    suspending session      15 minutes
>            Microsoft network server: Digitally sign communications
>    (always)
>                    Disabled
>            Microsoft network server: Digitally sign communications (if
>    client
>    agrees)                 Disabled
>            Microsoft network server: Disconnect clients when logon hours
>    expire
>                    Enabled
>
>    Like wise, when I add "server signing = mandatory" to my smb.conf file
>    that
>    has "encrypt passwords = yes" (and "passdb backend = smbpasswd" with
>    valid
>    id/password in the smbpasswd file), my AIX client no longer can
>    connect.
>
>    I have added "client signing = mandatory" to smb.conf also and get the
>    same
>    results (unencrypted: windows clients cannot connect. encrypted: aix
>    clients cannot connect).
>
>    Are there any known problems in v3.6.5 related to these connection
>    problems? Are there any fixes in newer releases?
>
>    I have logs with debug level 5 for the connection problem sequences if
>    someone needs that information. I can ftp them if someone can give me
>    an
>    ftp site, id/password.
>    Thank you in advance for your help!
>    Bill Chockla
>    --
>    To unsubscribe from this list go to the following URL and read the
>    instructions:  *https://lists.samba.org/mailman/options/samba*<https://lists.samba.org/mailman/options/samba>
>
>

More information about the samba mailing list