smb signing and win2k3

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue May 20 15:22:33 GMT 2003


On Mon, May 19, 2003 at 02:02:29PM -0500, Steven French wrote:

> Andrew Bartlett wrote
> >This might imply SMB
> >signing, which we don't support. In particular, we know very little
> >about the NTLMSSP variant of SMB signing :-(
> 
> Interestingly putting Windows 2003 Server in domain mode enables signing
> (which is not required to access the server before you run the
> ActiveDirectory promo wizard) but as we saw at Connectathon & the CIFS
> conference this breaks most if not all of the clients, I will have my work
> cut out getting the cifs vfs code for this working and accepted by Linus
> before 2.5 goes gold (so we have a working Linux client to access Windows
> 2003 Domain Controllers)

An alternative I've thought about is setting 'use spnego = no' as a
default. In the same manner as smbd refuses 'security = domain' with
'encrypt passwords = no' we could then refuse 'security = ads' without
'use spnego = yes'. This way we would be able to connect to a W2k3 DC
by default.

Volker
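
The configuration check proposed above, as an added example (not part of the original message and not Samba's code): a small linter that rejects the two smb.conf combinations named in the post. The defaults table is an assumption, with 'use spnego = no' being the default the post proposes, and the function names and sample configs are constructed for illustration.

```python
# Added example: lint for the smb.conf combinations discussed in the post.
# Defaults are assumptions: 'use spnego = no' is the default the post
# proposes, not necessarily what any released smbd ships.
ASSUMED_DEFAULTS = {"security": "user", "encryptpasswords": "yes", "usespnego": "no"}
TRUE_WORDS = {"yes", "true", "1"}  # boolean spellings accepted in smb.conf

def _key(name):
    # smb.conf section and parameter names ignore case and whitespace
    return "".join(name.split()).lower()

def parse_global(text):
    """Return the [global] parameters as {normalized name: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _key(line[1:-1])
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[_key(name)] = value.strip()
    return params

def check(text, defaults=ASSUMED_DEFAULTS):
    """Return a list of refusal messages; an empty list means accepted."""
    cfg = {**defaults, **parse_global(text)}
    security = cfg["security"].lower()
    enabled = lambda k: cfg[k].lower() in TRUE_WORDS
    errors = []
    if security == "domain" and not enabled("encryptpasswords"):
        errors.append("'security = domain' requires 'encrypt passwords = yes'")
    if security == "ads" and not enabled("usespnego"):
        errors.append("'security = ads' requires 'use spnego = yes'")
    return errors

# Constructed sample configurations
SAMPLE_ADS = """[global]
   Security = ADS
   ; use spnego left at the assumed default
[share]
   use spnego = yes
"""
SAMPLE_OK = "[global]\nsecurity = ads\nUse SPNEGO = Yes\n"
SAMPLE_DOMAIN = "[global]\nsecurity = domain\nencrypt passwords = no\n"

if __name__ == "__main__":
    for name, conf in [("ads", SAMPLE_ADS), ("ok", SAMPLE_OK), ("domain", SAMPLE_DOMAIN)]:
        print(name, check(conf) or "accepted")
```

The parser does not handle backslash line continuations or include directives, so it only suits single-file configurations.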