[Samba] Must digital signing be disable when connecting to W2K3
SP1 share?
Jeremy Allison
jra at samba.org
Tue Jan 17 23:24:04 GMT 2006
On Tue, Jan 17, 2006 at 06:15:13PM -0500, David Smith wrote:
> Is there a more elegant way to do the following without disabling digital
> signing? What if I have an app requiring digital signing I need to connect
> to the W2K3 in the future?
>
> For explanation have the following;
>
> 1. Linux server running Samba 2.2.8a
> 2. Linux server running Samba 3.0.10
> 3. Window 2003 Server Standard SP1, not running Active Directory or as
> domain controller.
> 4. Windows XP Pro Workstation
>
> Both Windows systems have shared folders, and there is no PDC. The first
> Linux box running Samba2 has no problem mounting the shares on either
> Windows system. The second one running Samba3 has no problem with the XP
> system, but is only able to view the share contents if BOTH of the following
> Group Policy settings are DISABLED.
>
> Microsoft network server: Digitally sign communications (always)
> Microsoft network server: Digitally sign communications (if client agrees)
>
> Otherwise, and "ls" command returns "Permission denied". I understand this
> to be the solution offered to others in the past, but if I understand the
> specs correctly, the current samba should support digital signing. Since
> the second policy (if client agrees) causes the problem as well, it would
> appear that the samba3 box tries to but cannot satify the W2K3 server. FYI,
> I updated to 3.0.21a with no change in behavior.
>
> For test purposes this is how I'm mounting the shares;
>
> # /bin/mkdir -p /mnt/test1
> # /bin/mount -t smbfs -o username=$Username,password=$Password $Destination
> /mnt/test1
>
> I'm sure there are other tin-foil-hat types like myself who hesitate when
> disabling various things in group policy. Ideas anyone?
smbfs doesn't support digital signing. Use CIFSFS. That's the problem.
Jeremy.
More information about the samba
mailing list