Serious Impact of NIST FDCC requirements

bbfoto bbfoto at
Mon Mar 17 16:03:11 GMT 2008

To save someone the horror I just went through, (flipping bits one at a time
through the entire FDCC requirement until samba broke)  - 

To make your samba server compatible with FDCC, add this line to smb.conf
server signing = auto

If your samba server only serves to Windows systems try
server signing = mandatory 

Hope this helps someone!

Jeremy Allison wrote:
> On Wed, Jan 23, 2008 at 12:03:49PM -0500, Loyd Darby wrote:
>> New requirements from Congress and the National Institute of standards 
>> is forcing us to reconsider our Samba domain because of the encryption 
>> requirements and signed communications.
>> I have tried to work my way through Kerberos , server signing and all 
>> that but even though I am no rookie, it is beyond me.
>> Is any one at Samba looking at this?  
>> Unless there is some one out there with the smarts to lead a way through 
>> this. 
>> Pretty much all US federal government agencies will have to abandon 
>> Samba and go down that other path.
>> The root of all this evil can be found here :
> As a DC member we already support krb5 and signed communications,
> as well as NTLMv2. As a PDC Samba3 can do NTLMv2 and signed
> communications (and sealed RPC) but not krb5, you'd need to
> use Samba4 as a PDC (not ready yet) to do krb5.
> Samba 3.2 (under preparation) will add IPv6 support.
> What are you missing ?
> Jeremy.

View this message in context:
Sent from the Samba - samba-technical mailing list archive at

More information about the samba-technical mailing list