[Samba] Must digital signing be disable when connecting to W2K3 SP1
dvdsmith at donjacobs.com
Tue Jan 17 23:15:13 GMT 2006
Is there a more elegant way to do the following without disabling digital
signing? What if I have an app requiring digital signing I need to connect
to the W2K3 in the future?
For explanation have the following;
1. Linux server running Samba 2.2.8a
2. Linux server running Samba 3.0.10
3. Window 2003 Server Standard SP1, not running Active Directory or as
4. Windows XP Pro Workstation
Both Windows systems have shared folders, and there is no PDC. The first
Linux box running Samba2 has no problem mounting the shares on either
Windows system. The second one running Samba3 has no problem with the XP
system, but is only able to view the share contents if BOTH of the following
Group Policy settings are DISABLED.
Microsoft network server: Digitally sign communications (always)
Microsoft network server: Digitally sign communications (if client agrees)
Otherwise, and "ls" command returns "Permission denied". I understand this
to be the solution offered to others in the past, but if I understand the
specs correctly, the current samba should support digital signing. Since
the second policy (if client agrees) causes the problem as well, it would
appear that the samba3 box tries to but cannot satify the W2K3 server. FYI,
I updated to 3.0.21a with no change in behavior.
For test purposes this is how I'm mounting the shares;
# /bin/mkdir -p /mnt/test1
# /bin/mount -t smbfs -o username=$Username,password=$Password $Destination
I'm sure there are other tin-foil-hat types like myself who hesitate when
disabling various things in group policy. Ideas anyone?
More information about the samba