[Samba] new Win7 security setting broke Samba
Snyder, Gabrielle S. (LARC-D322)[HP ES]
gabrielle.s.snyder at nasa.gov
Thu Oct 25 07:09:07 MDT 2012
It must have been the smb signing. I hadn't looked at that because I wasn't aware that policy had changed in our environment. I added 'client signing = required' and 'server signing = required' to my smb.conf and was able to map a drive from the server to my Win7 PC.
Thank you!!!
-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Thursday, October 25, 2012 6:47 AM
To: Snyder, Gabrielle S. (LARC-D322)[HP ES]
Cc: samba at lists.samba.org
Subject: Re: [Samba] new Win7 security setting broke Samba
On Wed, 2012-10-24 at 08:48 -0500, Snyder, Gabrielle S. (LARC-D322)[HP ES] wrote:
> Good day all!
> I administer two Samba servers (RHEL 4.5) which, up to recently, had
> been working well. Our security officials changed the LAN Manager
> group policy for the new Win7 systems from 'Send NTLMv2 response only;
> Refuse LM' to 'Send NTLMv2 response only; Refuse LM & NTLM'. We
> were running samba 3.0.33. I have upgraded to 3.6.8-44. I have tried
> a variety of different smb.conf file options to get the new version to
> work with the mandated security policy. We only use Samba to map
> Linux shares onto Win7 clients. The Win7 clients are part of a domain
> but the Linux servers are not.
>
> Any help with how to setup Samba to work in this environment would be
> greatly appreciated.
Can you send in your smb.conf?
Samba has, since 3.0, accepted NTLMv2 passwords, so something else is going wrong here. Perhaps they also set a smb signing policy, and you didn't enable smb signing, or you are running 'security=server', which is incompatible with NTLMv2?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list