[Samba] Must digital signing be disable when connecting to W2K3 SP1 share?

Jeremy Allison jra at samba.org
Tue Jan 17 23:24:04 GMT 2006

On Tue, Jan 17, 2006 at 06:15:13PM -0500, David Smith wrote:
> Is there a more elegant way to do the following without disabling digital
> signing?  What if I have an app requiring digital signing I need to connect
> to the W2K3 in the future?
> For explanation have the following;
> 1. Linux server running Samba 2.2.8a
> 2. Linux server running Samba 3.0.10
> 3. Window 2003 Server Standard SP1, not running Active Directory or as
> domain controller.
> 4. Windows XP Pro Workstation
> Both Windows systems have shared folders, and there is no PDC.  The first
> Linux box running Samba2 has no problem mounting the shares on either
> Windows system.  The second one running Samba3 has no problem with the XP
> system, but is only able to view the share contents if BOTH of the following
> Group Policy settings are DISABLED.
> 	Microsoft network server: Digitally sign communications (always)
> 	Microsoft network server: Digitally sign communications (if client agrees)
> Otherwise, and "ls" command returns "Permission denied".  I understand this
> to be the solution offered to others in the past, but if I understand the
> specs correctly, the current samba should support digital signing.  Since
> the second policy (if client agrees) causes the problem as well, it would
> appear that the samba3 box tries to but cannot satify the W2K3 server.  FYI,
> I updated to 3.0.21a with no change in behavior.
> For test purposes this is how I'm mounting the shares;
> 	# /bin/mkdir -p /mnt/test1
> 	# /bin/mount -t smbfs -o username=$Username,password=$Password $Destination
> /mnt/test1
> I'm sure there are other tin-foil-hat types like myself who hesitate when
> disabling various things in group policy. Ideas anyone?

smbfs doesn't support digital signing. Use CIFSFS. That's the problem.


More information about the samba mailing list