Mount win2k3 share with smbmount? Kernel packet signing
christophe nowicki
cscm at meuh.dyndns.org
Fri Feb 6 08:23:24 GMT 2004
Hi girls,
I have a Debian GNU/Linux box at a client site that needs to mount a win2k3
server share. I'have join the active directory domain with net join.
I can access the share and retrive files using smbclient but when I try
to mount the share with the smbmount command I get the following error :
<18> <ttypts/1> [Fri Feb 06 08:40:17] root at jose:/mnt
1>mount -t smbfs -o username=Administrator,password=mmmmmmmmmmmeeeuuh //KYO/Public /mnt
cli_negprot: SMB signing is mandatory and we have disabled it.
3141: protocol negotiation failed
SMB connection failed
I'have googled a while and found some messages on the samba mailing list :
http://www.mail-archive.com/samba@lists.samba.org/msg31564.html
http://www.spinics.net/lists/samba/msg07787.html
http://lists.samba.org/archive/samba/2003-December/076386.html
Ok nobody can mount thoses win2k3 shares ... it's microsoft
interoperability ...
So I looked at the samba source code.
I found interisting thinks about this problem.
Protocol negociation failed in cli_negprot at source/libsmb/cliconnect.c:1077
if (!cli->sign_info.allow_smb_signing) {
DEBUG(0,("cli_negprot: SMB signing is mandatory and we
have disabled it.\n"));
return False;
}
This fonction is called by do_connection at source/client/smbmount.c:191
if (!cli_negprot(c)) {
DEBUG(0,("%d: protocol negotiation failed\n", sys_getpid()));
cli_shutdown(c);
return NULL;
There is an interisting comment at line 168
/* The kernel doesn't yet know how to sign it's packets */
c->sign_info.allow_smb_signing = False;
What does it means? Can I readuce the security level of my win2k3 server
(nice joke ... security level with a windows machine :)) ?
Is it hard to code the packet signing in kernel space? Can someone give
me some informations about packet signing?
Thanks a lot
PS : sorry for my english. I'am not a native speaker :)
--
Meuuuhh elle fait la vache :)) _(__)_
Nowicki Christophe '-e e -'__,--.__)
17, rue Saint Exupery (o_o) )
77500 Chelles \. /___. |
Etudiant EPITECH Promo 2006 ||| _)/_)/
http://etud.epita.fr/~nowick_c/nowick_c.asc //_(/_(/_(
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20040206/7df4b401/attachment.bin
More information about the samba-technical
mailing list