[Samba] samba3 to Win 2003, signing mandatory but disabled?

Jefferson Smith imajeffs at hotmail.com
Fri Apr 9 23:25:50 GMT 2004


I am trying to get samba working again, since my employer upgraded to a 
Windows Server 2003.

I have installed samba-3.0.2a-1_rh9.i386.rpm to my Linux (RedHat 9) system.

I can connect to other machines in my domain, read/write files, etc. When I 
try smbmount on the Windows server, I get this error:

cli_negprot: SMB signing is mandatory and we have disabled it.

I have tried enabling SMB signing by combinations such as:
  client signing = yes
  server signing = yes

Could there be something about how samba was compiled, or a setting on the 
server? Could I need to reset and re-join the domain? Could the server be 
doing "Active Directory" stuff, and the client not configured for it? Do I 
have to kerberos 5 simply to mount server shares, and does it change 
anything if I need to share my folders?


-------working output to list shares available--------
$ smbclient -L ntserver
Password:
Domain=[ROBOTRONICS] OS=[Windows Server 2003 3790] Server=[Windows Server 
2003 5.2]

        Sharename      Type      Comment
        ---------      ----      -------
        Gold2          Disk
        tsweb          Disk
        COVERPG$       Disk
... (and so on)



-------output from `testparm -v`---------
# Global parameters
[global]
	dos charset = CP850
	unix charset = UTF-8
	display charset = LOCALE
	workgroup = ROBOTRONICS
	realm =
	netbios name = DESIGN2
	netbios aliases =
	netbios scope =
	server string = Software development
	interfaces =
	bind interfaces only = No
	security = DOMAIN
	auth methods =
	encrypt passwords = Yes
	update encrypted = No
	client schannel = Auto
	server schannel = Auto
	allow trusted domains = Yes
	hosts equiv =
	min passwd length = 5
	map to guest = Never
	null passwords = No
	obey pam restrictions = No
	password server = *
	smb passwd file = /etc/samba/smbpasswd
	private dir = /etc/samba
	passdb backend = smbpasswd
	algorithmic rid base = 1000
	root directory =
	guest account = nobody
	pam password change = No
	passwd program =
	passwd chat = *new*password* %n\n *new*password* %n\n *changed*
	passwd chat debug = No
	passwd chat timeout = 2
	username map =
	password level = 0
	username level = 0
	unix password sync = No
	restrict anonymous = 0
	lanman auth = Yes
	ntlm auth = Yes
	client NTLMv2 auth = No
	client lanman auth = Yes
	client plaintext auth = Yes
	preload modules =
	log level = 0
	syslog = 1
	syslog only = No
	log file = /var/log/samba/log.%m
	max log size = 50
	timestamp logs = Yes
	debug hires timestamp = No
	debug pid = No
	debug uid = No
	smb ports = 445 139
	protocol = NT1
	large readwrite = Yes
	max protocol = NT1
	min protocol = CORE
	unicode = Yes
	read bmpx = No
	read raw = Yes
	write raw = Yes
	disable netbios = No
	acl compatibility =
	nt pipe support = Yes
	nt status support = Yes
	announce version = 4.9
	announce as = NT
	max mux = 50
	max xmit = 16644
	name resolve order = lmhosts wins host bcast
	max ttl = 259200
	max wins ttl = 518400
	min wins ttl = 21600
	time server = No
	unix extensions = Yes
	use spnego = Yes
	client signing = Yes
	server signing = Yes
	client use spnego = Yes
	change notify timeout = 60
	deadtime = 0
	getwd cache = Yes
	keepalive = 300
	kernel change notify = Yes
	lpq cache time = 10
	max smbd processes = 0
	paranoid server security = Yes
	max disk size = 0
	max open files = 10000
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	use mmap = Yes
	hostname lookups = No
	name cache timeout = 660
	load printers = No
	printcap name = /etc/printcap
	disable spoolss = No
	enumports command =
	addprinter command =
	deleteprinter command =
	show add printer wizard = Yes
	os2 driver map =
	mangling method = hash2
	mangle prefix = 1
	stat cache = Yes
	machine password timeout = 604800
	add user script =
	delete user script =
	add group script =
	delete group script =
	add user to group script =
	delete user from group script =
	set primary group script =
	add machine script =
	shutdown script =
	abort shutdown script =
	logon script =
	logon path = \\%N\%U\profile
	logon drive =
	logon home = \\%N\%U
	domain logons = No
	os level = 20
	lm announce = Auto
	lm interval = 60
	preferred master = Auto
	local master = Yes
	domain master = Auto
	browse list = Yes
	enhanced browsing = Yes
	dns proxy = No
	wins proxy = No
	wins server =
	wins support = No
	wins hook =
	wins partners =
	kernel oplocks = Yes
	lock spin count = 3
	lock spin time = 10
	oplock break wait time = 0
	ldap suffix =
	ldap machine suffix =
	ldap user suffix =
	ldap group suffix =
	ldap idmap suffix =
	ldap filter = (uid=%u)
	ldap admin dn =
	ldap ssl =
	ldap passwd sync = no
	ldap delete dn = No
	ldap replication sleep = 1000
	add share command =
	change share command =
	delete share command =
	config file =
	preload =
	lock directory = /var/lib/samba
	pid directory = /var/run
	utmp directory =
	wtmp directory =
	utmp = No
	default service =
	message command =
	dfree command =
	get quota command =
	set quota command =
	remote announce =
	remote browse sync =
	socket address = 0.0.0.0
	homedir map =
	afs username map =
	time offset = 0
	NIS homedir = No
	panic action =
	host msdfs = No
	enable rid algorithm = Yes
	idmap backend =
	idmap uid =
	idmap gid =
	template primary group = nobody
	template homedir = /home/%D/%U
	template shell = /bin/false
	winbind separator = \
	winbind cache time = 300
	winbind enable local accounts = Yes
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind use default domain = No
	winbind trusted domains only = No
	comment =
	path =
	username =
	invalid users =
	valid users =
	admin users =
	read list =
	write list =
	printer admin =
	force user =
	force group =
	read only = Yes
	create mask = 0744
	force create mode = 00
	security mask = 0777
	force security mode = 00
	directory mask = 0755
	force directory mode = 00
	directory security mask = 0777
	force directory security mode = 00
	inherit permissions = No
	inherit acls = No
	guest only = No
	guest ok = No
	only user = No
	hosts allow = 192.168.16., 127.
	hosts deny =
	nt acl support = Yes
	profile acls = No
	map acl inherit = No
	afs share = No
	block size = 1024
	max connections = 0
	min print space = 0
	strict allocate = No
	strict sync = No
	sync always = No
	use sendfile = No
	write cache size = 0
	max reported print jobs = 0
	max print jobs = 1000
	printable = No
	printing = bsd
	print command = lpr -r -P'%p' %s
	lpq command = lpq -P'%p'
	lprm command = lprm -P'%p' %j
	lppause command =
	lpresume command =
	queuepause command =
	queueresume command =
	printer name =
	use client driver = No
	default devmode = No
	default case = lower
	case sensitive = No
	preserve case = Yes
	short preserve case = Yes
	mangle case = No
	mangling char = ~
	hide dot files = Yes
	hide special files = No
	hide unreadable = No
	hide unwriteable files = No
	delete veto files = No
	veto files =
	hide files =
	veto oplock files =
	map system = No
	map hidden = No
	map archive = Yes
	mangled names = Yes
	mangled map =
	browseable = Yes
	blocking locks = Yes
	csc policy = manual
	fake oplocks = No
	locking = Yes
	oplocks = Yes
	level2 oplocks = Yes
	oplock contention limit = 2
	posix locking = Yes
	strict locking = Yes
	share modes = Yes
	copy =
	include =
	exec =
	preexec close = No
	postexec =
	root preexec =
	root preexec close = No
	root postexec =
	available = Yes
	volume =
	fstype = NTFS
	set directory = No
	wide links = Yes
	follow symlinks = Yes
	dont descend =
	magic script =
	magic output =
	delete readonly = No
	dos filemode = No
	dos filetimes = No
	dos filetime resolution = No
	fake directory create times = No
	vfs objects =
	msdfs root = No
	msdfs proxy =

[homes]
	comment = Home Directories
	read only = No
	browseable = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	browseable = No
-----------------------------------------

_________________________________________________________________
Limited-time offer: Fast, reliable MSN 9 Dial-up Internet access FREE for 2 
months! 
http://join.msn.com/?page=dept/dialup&pgmarket=en-us&ST=1/go/onm00200361ave/direct/01/



More information about the samba mailing list