[Samba] Remote EFS share mounting

Nex6 myndshell at gmail.com
Wed Sep 5 21:05:14 GMT 2007

Hi all,

I have a system/process in place where I mount remote shares (with EFS) on
Windows boxes from Linux servers and rsync data to them.  The Windows machines
are now Windows 2000 Pro and I need to migrate them to Windows XP or even
Vista later in the future.  The Windows 2000 Pro machines which work are set
up like so:

Local folder path: c:\datashare
Share:                \\machinename\share$
AD domain: 2003
--------->ACL on folder: local admins - FULL | system - FULL | service account - FULL | user account - READ
------------>Share ACL: Everyone FULL
--------------->EFS is set up like so: log on with the service account, set
EFS on the folder, back up the CERT and import the CERT to the user's account.

This all works perfectly in Windows 2000, but in Windows XP Microsoft
tightened up EFS; in addition to the above you have to
set "trusted for delegation" on both the user and computer account at the
domain level.

I found this article, and many others like it, that would give the hex codes to
downgrade the symmetrical crypto:

and also tried the system policies and forced: (use FIPS crypto)

I am mounting with mount.cifs like so:
mount -t cifs //machinename/share /home/Nex6/winmount -o

I greatly suspect it is the "trusted for delegation" requirement for
EFS remote sharing.
Here are the EFS docs:
I got this section:  Remote EFS Operations in a File Share Environment

Does anyone have any insight into this?


