[Samba] SMB Signing with "map to guest = " options

Shivappa ssangapur3 at gmail.com
Mon Feb 18 04:56:24 UTC 2019


Here is my smb.conf

[global]
workgroup=TEST
server string=SMBServ
netbios name=SHIVASMB
realm=TEST.LOCAL
log level=1
log file=
max log size=2000
max smbd processes=100
security=ADS
password server=10.10.1.5
wins support=no
client NTLMv2 auth=Yes
wins proxy=no
server max protocol=SMB3
client max protocol=SMB3
dns proxy=no
wins server=192.168.4.124, 0.0.0.0
name resolve order=lmhosts host wins bcast
map to guest=bad uid
guest account=root
encrypt passwords=yes
ntlm auth=yes
server signing=auto
client signing=auto
 
[Home]
path=/home/shiva/
browseable=yes
writeable=no
public=no
guest ok=yes
available=1
 
[Personal]
path=/home/data/
browseable=yes
writeable=no
public=no
guest ok=yes
available=1


> On Feb 14, 2019, at 17:35, Rowland Penny <rpenny at samba.org> wrote:
> 
> On Thu, 14 Feb 2019 05:52:13 -0600 (CST)
> shivappa Sangapur via samba <samba at lists.samba.org> wrote:
> 
>> Hi,
>> 
>> I'm using samba-4.7.x
>> I have some confusion over the "map to guest=" options when setting SMB
>> Signing.
>> 
>> 1. Set "*Server signing =auto*", "*map to guest=bad uid*" and
>> set "client signing in windows 2k12 server group policy" to
>> "Microsoft network client: Digitally sign communications (Always)" =
>> *Disable*. SMB_Server is joined to Windows 2k12 Active Directory with
>> user01. Windows PC is logged in to Windows 2k12 Active Directory with
>> user02. I log in to a share of my SMB_Server from the Windows client
>> PC (where I logged in with user02); *it opens shares* without any popup
>> on the client PC. Here NO signing is done.
>> 
>> 2. Set "*Server signing =auto*", "*map to guest=bad uid*" and set
>> "client signing in windows 2k12 server group policy" to "Microsoft
>> network client: Digitally sign communications (Always)" = *Enable*.
>> SMB_Server is joined to Windows 2k12 Active Directory with user01.
>> Windows PC is logged in to Windows 2k12 Active Directory with user02.
>> I log in to a share of my SMB_Server from the Windows client PC (where I
>> logged in with user02); *it fails to open shares.*
>> Here signing is done but it fails to open.
>> 
>> 3. Set "*Server signing =auto*", "*map to guest=never*" and set
>> "client signing in windows 2k12 server group policy" to "Microsoft
>> network client: Digitally sign communications (Always)" = *Disable*.
>> SMB_Server is joined to Windows 2k12 Active Directory with user01.
>> Windows PC is logged in to Windows 2k12 Active Directory with user02.
>> I log in to a share of my SMB_Server from the Windows client PC (where I
>> logged in with *user02*); *it pops up a prompt to enter credentials, and
>> only after providing user01 do the shares open* on the client PC.
>> Here NO signing.
>> 
>> 4. Set "*Server signing =auto*", "*map to guest=never*" and set
>> "client signing in windows 2k12 server group policy" to "Microsoft
>> network client: Digitally sign communications (Always)" = *Enable*.
>> SMB_Server is joined to Windows 2k12 Active Directory with user01.
>> Windows PC is logged in to Windows 2k12 Active Directory with user02.
>> I log in to a share of my SMB_Server from the Windows client PC (where I
>> logged in with user02); *it pops up a prompt to enter credentials, and
>> only after providing user01 do the shares open* on the client PC. (I know
>> that only user01 is added in samba db) Here, signing is done.
>> 
>> 5. Set "*Server signing =mandatory*", "*map to guest=bad uid*" and set
>> "client signing in windows 2k12 server group policy" to "Microsoft
>> network client: Digitally sign communications (Always)" = *Enable*.
>> SMB_Server is joined to Windows 2k12 Active Directory with user01.
>> Windows PC is logged in to Windows 2k12 Active Directory with user02.
>> I log in to a share of my SMB_Server from the Windows client PC (where I
>> logged in with user02); *it fails to open shares.*
>> Here signing is done but it fails to open.
>> 
>> 
>> I want to understand why in cases *#2 and #5* it is not opening
>> shares of my smb-4.7.x shares,
>> 
> 
> Please post your smb.conf
> 
> AND seeing as you didn't understand it when I replied to your first post
> 
> Please post your smb.conf
> 
> Rowland
> 
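
The five cases in the quoted message, modelled as an added example that is not part of the original thread or of Samba's code. It assumes standard SMB behaviour that the thread does not state: a guest session has no session key and cannot be signed, so a connection that requires signing rejects it. The function names and the finding wording are hypothetical.

```python
SAMPLE_CONF = """\
[global]
map to guest=bad uid
guest account=root
server signing=auto
[Home]
path=/home/shiva/
guest ok=yes
"""  # constructed subset of the smb.conf posted above

def parse_smb_conf(text):
    """Return {section: {param: value}} with lowercased, space-normalised names."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def session_outcome(map_to_guest, signing_required, user_has_uid):
    """Model one logon. Assumption (not from the thread): guest sessions are unsignable."""
    if user_has_uid:
        return "authenticated, signed" if signing_required else "authenticated, unsigned"
    if map_to_guest.lower() == "never":
        return "rejected, client prompts for credentials"
    if signing_required:  # either side insists on signing
        return "guest session refused: no session key to sign with"
    return "guest session, unsigned"

def audit(conf):
    """Flag guest settings that weaken or conflict with signing."""
    g, findings = conf.get("global", {}), []
    if g.get("map to guest", "never").lower() == "never":
        return findings
    findings.append("map to guest is not 'never': users without a Unix uid become guest")
    if g.get("guest account", "nobody").lower() == "root":
        findings.append("guest account=root: guest sessions act as root")
    if g.get("server signing", "default").lower() == "mandatory":
        findings.append("server signing=mandatory: guest-mapped users cannot connect")
    shares = sorted(s for s, p in conf.items() if s != "global"
                    and p.get("guest ok", "no").lower() in ("yes", "true", "1"))
    if shares:
        findings.append("guest-accessible shares: " + ", ".join(shares))
    return findings
```

Cases #2 and #5 correspond to `session_outcome("bad uid", True, False)`; cases #3 and #4 take the `never` branch until user01 is supplied.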


