[Samba] Connection fails with Server/Client Signing = Mandatory
hceuterpe at gmail.com
hceuterpe at gmail.com
Mon Oct 1 11:04:05 MDT 2012
Do you have the right security packages and installed? I want to say this
needs OpenSSL
On Oct 1, 2012 11:50 AM, "Bill Chockla" <chockla at us.ibm.com> wrote:
> Changing the client and server "Digitally sign communications (always)"
> to "Enabled" and "Microsoft network client: Send unencrypted password to
> third-party SMB servers" to "Disabled" gets the error, "Not authorized to
> log in from this station" (error 1240).
>
> I then switched "Send unencrypted password to third-party SMB servers"
> back to "Enabled" which Microsoft recommends for error 1240 and I get the
> old error 64.
>
> Searching for other configuration possibilities for the error 1240.
>
> ----- Forwarded by Bill Chockla/Durham/Contr/IBM on 10/01/2012 07:42 AM
> -----
>
> From: "hceuterpe at gmail.com" <hceuterpe at gmail.com>
> To: Bill Chockla/Durham/Contr/IBM at IBMUS,
> Cc: samba at samba.org
> Date: 09/28/2012 08:35 PM
> Subject: Re: [Samba] Fw: Connection fails with Server/Client Signing =
> Mandatory
> ------------------------------
>
>
>
> One more thing to add:
> I'm pretty sure you cannot force signing and still send unencrypted
> passwords to third party SMB servers (which Samba is):
> Microsoft network client: Send unencrypted password to third-party SMB
> servers Enabled
> Otherwise that also seems to conflict...
>
> On Sep 26, 2012 11:06 AM, "Bill Chockla" <*chockla at us.ibm.com*<chockla at us.ibm.com>>
> wrote:
>
>
>
> Hello,
> Has anyone had a chance to review this question?
> Thank you,
> Bill
>
> ----- Forwarded by Bill Chockla/Durham/Contr/IBM on 09/26/2012 10:04 AM
> -----
>
> From: Bill Chockla/Durham/Contr/IBM
> To: *samba at samba.org* <samba at samba.org>,
> Date: 09/10/2012 12:52 PM
> Subject: Connection fails with Server/Client Signing = Mandatory
>
>
> Hello,
> When I add "server signing = mandatory" to my smb.conf file (AIX V6.1,
> 6100-04-11-1140 running Samba v3.6.5) that has "encrypt passwords =
> no", my
> windows client no longer can connect. It fails with system error 64.
>
> The windows system is running XP vers 2002 with service pack 3. The
> security settings are set to:
> Microsoft network client: Digitally sign communications
> (always)
> Disabled
> Microsoft network client: Digitally sign communications (if
> server
> agrees) Enabled
> Microsoft network client: Send unencrypted password to
> third-party
> SMB servers Enabled
> Microsoft network server: Amount of idle time required before
> suspending session 15 minutes
> Microsoft network server: Digitally sign communications
> (always)
> Disabled
> Microsoft network server: Digitally sign communications (if
> client
> agrees) Disabled
> Microsoft network server: Disconnect clients when logon hours
> expire
> Enabled
>
> Like wise, when I add "server signing = mandatory" to my smb.conf file
> that
> has "encrypt passwords = yes" (and "passdb backend = smbpasswd" with
> valid
> id/password in the smbpasswd file), my AIX client no longer can
> connect.
>
> I have added "client signing = mandatory" to smb.conf also and get the
> same
> results (unencrypted: windows clients cannot connect. encrypted: aix
> clients cannot connect).
>
> Are there any known problems in v3.6.5 related to these connection
> problems? Are there any fixes in newer releases?
>
> I have logs with debug level 5 for the connection problem sequences if
> someone needs that information. I can ftp them if someone can give me
> an
> ftp site, id/password.
> Thank you in advance for your help!
> Bill Chockla
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: *https://lists.samba.org/mailman/options/samba*<https://lists.samba.org/mailman/options/samba>
>
> ----- Forwarded by Bill Chockla/Durham/Contr/IBM on 10/01/2012 07:42 AM
> -----
>
> From: "hceuterpe at gmail.com" <hceuterpe at gmail.com>
> To: Bill Chockla/Durham/Contr/IBM at IBMUS,
> Cc: samba at samba.org
> Date: 09/28/2012 08:31 PM
> Subject: Re: [Samba] Fw: Connection fails with Server/Client Signing =
> Mandatory
> ------------------------------
>
>
>
> I see an issue with this line
> Microsoft network client: Digitally sign communications (always) Disabled
> Set both that and the network server policy as enabled and see what
> happens. Setting that as disabled only makes sense if the samba setting is
> still set to auto. Otherwise, it appears conflicting.
>
> On Sep 26, 2012 11:06 AM, "Bill Chockla" <*chockla at us.ibm.com*<chockla at us.ibm.com>>
> wrote:
>
>
>
> Hello,
> Has anyone had a chance to review this question?
> Thank you,
> Bill
>
> ----- Forwarded by Bill Chockla/Durham/Contr/IBM on 09/26/2012 10:04 AM
> -----
>
> From: Bill Chockla/Durham/Contr/IBM
> To: *samba at samba.org* <samba at samba.org>,
> Date: 09/10/2012 12:52 PM
> Subject: Connection fails with Server/Client Signing = Mandatory
>
>
> Hello,
> When I add "server signing = mandatory" to my smb.conf file (AIX V6.1,
> 6100-04-11-1140 running Samba v3.6.5) that has "encrypt passwords =
> no", my
> windows client no longer can connect. It fails with system error 64.
>
> The windows system is running XP vers 2002 with service pack 3. The
> security settings are set to:
> Microsoft network client: Digitally sign communications
> (always)
> Disabled
> Microsoft network client: Digitally sign communications (if
> server
> agrees) Enabled
> Microsoft network client: Send unencrypted password to
> third-party
> SMB servers Enabled
> Microsoft network server: Amount of idle time required before
> suspending session 15 minutes
> Microsoft network server: Digitally sign communications
> (always)
> Disabled
> Microsoft network server: Digitally sign communications (if
> client
> agrees) Disabled
> Microsoft network server: Disconnect clients when logon hours
> expire
> Enabled
>
> Like wise, when I add "server signing = mandatory" to my smb.conf file
> that
> has "encrypt passwords = yes" (and "passdb backend = smbpasswd" with
> valid
> id/password in the smbpasswd file), my AIX client no longer can
> connect.
>
> I have added "client signing = mandatory" to smb.conf also and get the
> same
> results (unencrypted: windows clients cannot connect. encrypted: aix
> clients cannot connect).
>
> Are there any known problems in v3.6.5 related to these connection
> problems? Are there any fixes in newer releases?
>
> I have logs with debug level 5 for the connection problem sequences if
> someone needs that information. I can ftp them if someone can give me
> an
> ftp site, id/password.
> Thank you in advance for your help!
> Bill Chockla
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: *https://lists.samba.org/mailman/options/samba*<https://lists.samba.org/mailman/options/samba>
>
>
More information about the samba
mailing list