[Samba] new Win7 security setting broke Samba

Snyder, Gabrielle S. (LARC-D322)[HP ES] gabrielle.s.snyder at nasa.gov
Thu Oct 25 07:09:07 MDT 2012

It must have been the smb signing.  I hadn't looked at that because I wasn't aware that policy had changed in our environment.  I added 'client signing = required' and 'server signing = required' to my smb.conf and was able to map a drive from the server to my Win7 PC.

Thank you!!!

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Thursday, October 25, 2012 6:47 AM
To: Snyder, Gabrielle S. (LARC-D322)[HP ES]
Cc: samba at lists.samba.org
Subject: Re: [Samba] new Win7 security setting broke Samba

On Wed, 2012-10-24 at 08:48 -0500, Snyder, Gabrielle S. (LARC-D322)[HP ES] wrote:
> Good day all!
> I administer two Samba servers (RHEL 4.5) which, up to recently, had 
> been working well.  Our security officials changed the LAN Manager 
> group policy for the new Win7 systems from 'Send NTLMv2 response only;
> Refuse LM'  to 'Send NTLMv2 response only; Refuse LM & NTLM'.   We
> were running samba 3.0.33.  I have upgraded to 3.6.8-44.  I have tried 
> a variety of different smb.conf file options to get the new version to 
> work with the mandated security policy.  We only use Samba to map 
> Linux shares onto Win7 clients.  The Win7 clients are part of a domain 
> but the Linux servers are not.
> Any help with how to setup Samba to work in this environment would be 
> greatly appreciated.

Can you send in your smb.conf?

Samba has, since 3.0, accepted NTLMv2 passwords, so something else is going wrong here.  Perhaps they also set a smb signing policy, and you didn't enable smb signing, or you are running 'security=server', which is incompatible with NTLMv2?

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list