[Samba] Samba NTLMv2 &&128bit encryption - does it work ?

andy.marr at bt.com andy.marr at bt.com
Fri Oct 2 09:10:51 MDT 2009

Hi  all

I've has issue with widows clients connection to my samba 3.0.33 server
running on Solaris 10.
The SAMBA server has security set as ADS and It works perfectly in the
domain , except for clients which have a 
GPO set with the following enabled.

Require NTMLv2 - needs to be set to enabled. 
Require 128bit encryption - needs to be set to enabled.

Once my Windows admin turns these settings off the clients can connect
to the SAMBA server no problem. 

With the settings turned on, the clients get error 59 "unexpected
network error has occurred".

The samba logs  show "client has disconnected"

1. Its it possible to connect SAMBA to clients which have these settings
2. If so are there  extra config settings do I need in my smb.conf ?

My smb.conf

        workgroup = STGROUP
        netbios name = FGUKSHPPAY001
        realm = STGROUP.COM
        preferred master = no
        server string =   CARD DR Samba Server
        security = ADS
        encrypt passwords = yes
        allow trusted domains = yes
        client ntlmv2 auth = yes
        lanman auth = No
        log level = 3
        log file = /var/samba/log/log.%m
        max log size = 250
        printcap name = /dev/null
        load printers = no
        idmap uid = 62000-73000
        idmap gid = 6200-7300
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes
        winbind nested groups = yes
        allow trusted domains = yes
        template homedir = /export/home/%U
        template shell = /bin/bash
#============================ Share Definitions
   comment = lsww
   path = /mirror/livesww/list
   valid users = STGROUP\admandy STGROUP\admtim STGROUP\smythe
   public = yes
   browseable = yes
   read only = yes

I have tried with and without

client ntlmv2 auth = yes
lanman auth = No

Thanks for looking. Any Ideas much appreciated.


More information about the samba mailing list