[Samba] Connection fails with Server/Client Signing = Mandatory
Bill Chockla
chockla at us.ibm.com
Mon Oct 1 10:34:37 MDT 2012
Changing the client and server "Digitally sign communications (always)" to
"Enabled" and "Microsoft network client: Send unencrypted password to
third-party SMB servers" to "Disabled" gets the error, "Not authorized to
log in from this station" (error 1240).
I then switched "Send unencrypted password to third-party SMB servers" back
to "Enabled" which Microsoft recommends for error 1240 and I get the old
error 64.
Searching for other configuration possibilities for the error 1240.
----- Forwarded by Bill Chockla/Durham/Contr/IBM on 10/01/2012 07:42 AM
-----
From: "hceuterpe at gmail.com" <hceuterpe at gmail.com>
To: Bill Chockla/Durham/Contr/IBM at IBMUS,
Cc: samba at samba.org
Date: 09/28/2012 08:35 PM
Subject: Re: [Samba] Fw: Connection fails with Server/Client Signing =
Mandatory
One more thing to add:
I'm pretty sure you cannot force signing and still send unencrypted
passwords to third party SMB servers (which Samba is):
Microsoft network client: Send unencrypted password to third-party SMB
servers Enabled
Otherwise that also seems to conflict...
On Sep 26, 2012 11:06 AM, "Bill Chockla" <chockla at us.ibm.com> wrote:
Hello,
Has anyone had a chance to review this question?
Thank you,
Bill
----- Forwarded by Bill Chockla/Durham/Contr/IBM on 09/26/2012 10:04 AM
-----
From: Bill Chockla/Durham/Contr/IBM
To: samba at samba.org,
Date: 09/10/2012 12:52 PM
Subject: Connection fails with Server/Client Signing = Mandatory
Hello,
When I add "server signing = mandatory" to my smb.conf file (AIX V6.1,
6100-04-11-1140 running Samba v3.6.5) that has "encrypt passwords = no",
my
windows client no longer can connect. It fails with system error 64.
The windows system is running XP vers 2002 with service pack 3. The
security settings are set to:
Microsoft network client: Digitally sign communications (always)
Disabled
Microsoft network client: Digitally sign communications (if
server
agrees) Enabled
Microsoft network client: Send unencrypted password to
third-party
SMB servers Enabled
Microsoft network server: Amount of idle time required before
suspending session 15 minutes
Microsoft network server: Digitally sign communications (always)
Disabled
Microsoft network server: Digitally sign communications (if
client
agrees) Disabled
Microsoft network server: Disconnect clients when logon hours
expire
Enabled
Like wise, when I add "server signing = mandatory" to my smb.conf file
that
has "encrypt passwords = yes" (and "passdb backend = smbpasswd" with
valid
id/password in the smbpasswd file), my AIX client no longer can connect.
I have added "client signing = mandatory" to smb.conf also and get the
same
results (unencrypted: windows clients cannot connect. encrypted: aix
clients cannot connect).
Are there any known problems in v3.6.5 related to these connection
problems? Are there any fixes in newer releases?
I have logs with debug level 5 for the connection problem sequences if
someone needs that information. I can ftp them if someone can give me an
ftp site, id/password.
Thank you in advance for your help!
Bill Chockla
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
----- Forwarded by Bill Chockla/Durham/Contr/IBM on 10/01/2012 07:42 AM
-----
From: "hceuterpe at gmail.com" <hceuterpe at gmail.com>
To: Bill Chockla/Durham/Contr/IBM at IBMUS,
Cc: samba at samba.org
Date: 09/28/2012 08:31 PM
Subject: Re: [Samba] Fw: Connection fails with Server/Client Signing =
Mandatory
I see an issue with this line
Microsoft network client: Digitally sign communications (always) Disabled
Set both that and the network server policy as enabled and see what
happens. Setting that as disabled only makes sense if the samba setting is
still set to auto. Otherwise, it appears conflicting.
On Sep 26, 2012 11:06 AM, "Bill Chockla" <chockla at us.ibm.com> wrote:
Hello,
Has anyone had a chance to review this question?
Thank you,
Bill
----- Forwarded by Bill Chockla/Durham/Contr/IBM on 09/26/2012 10:04 AM
-----
From: Bill Chockla/Durham/Contr/IBM
To: samba at samba.org,
Date: 09/10/2012 12:52 PM
Subject: Connection fails with Server/Client Signing = Mandatory
Hello,
When I add "server signing = mandatory" to my smb.conf file (AIX V6.1,
6100-04-11-1140 running Samba v3.6.5) that has "encrypt passwords = no",
my
windows client no longer can connect. It fails with system error 64.
The windows system is running XP vers 2002 with service pack 3. The
security settings are set to:
Microsoft network client: Digitally sign communications (always)
Disabled
Microsoft network client: Digitally sign communications (if
server
agrees) Enabled
Microsoft network client: Send unencrypted password to
third-party
SMB servers Enabled
Microsoft network server: Amount of idle time required before
suspending session 15 minutes
Microsoft network server: Digitally sign communications (always)
Disabled
Microsoft network server: Digitally sign communications (if
client
agrees) Disabled
Microsoft network server: Disconnect clients when logon hours
expire
Enabled
Like wise, when I add "server signing = mandatory" to my smb.conf file
that
has "encrypt passwords = yes" (and "passdb backend = smbpasswd" with
valid
id/password in the smbpasswd file), my AIX client no longer can connect.
I have added "client signing = mandatory" to smb.conf also and get the
same
results (unencrypted: windows clients cannot connect. encrypted: aix
clients cannot connect).
Are there any known problems in v3.6.5 related to these connection
problems? Are there any fixes in newer releases?
I have logs with debug level 5 for the connection problem sequences if
someone needs that information. I can ftp them if someone can give me an
ftp site, id/password.
Thank you in advance for your help!
Bill Chockla
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list