[Samba] Digitially Signed Communications
Shaun Glass - Business Connexion
Shaun.Glass at bcx.co.za
Tue Jun 25 04:05:20 MDT 2013
Dear All,
The below are snippets of the policies that are causing connection issues for me from Windows 7 workstations, connected to a Domain, to Samba Shares :
Microsoft network client: Digitally sign communications (always) Enabled
Microsoft network client: Digitally sign communications (if server agrees) Enabled
Microsoft network server: Digitally sign communications (always) Disabled
Microsoft network server: Digitally sign communications (if client agrees) Enabled
Now the above cannot be altered due to security audit requirements.
>From trouble shooting it seems the following may also be relevant, but as before more than likely cannot be changed :
Network security: LAN Manager authentication level Send NTLMv2 response only
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients Require NTLMv2 session security,Require 128-bit encryption
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers Require NTLMv2 session security,Require 128-bit encryption
The Samba configuration is as follows :
[global]
netbios name = SRV002769
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 10000-50000
winbind enum users = yes
winbind gid = 10000-50000
workgroup = MUD
os level = 20
winbind enum groups = yes
socket address = 10.12.18.160
password server = *
preferred master = no
winbind separator = +
max log size = 50
log file = /var/log/samba/log.%m
dns proxy = no
realm = MUD.INTERNAL.CO.ZA
security = ADS
wins server = 10.11.1.13
wins proxy = no
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
server signing = yes
client signing = yes
Error messages when trying to connect :
[2013/06/25 11:40:41, 0] lib/util_sock.c:read_data(540)
read_data: read failure for 4 bytes to client 172.27.30.20. Error = Connection reset by peer
The Samba servers have been added to the Domain via "net ads join" and here is some version info :
Red Hat Enterprise Linux Server release 5.9 (Tikanga)
samba-3.0.33-3.39.el5_8
samba-common-3.0.33-3.39.el5_8
Anybody encountered a resolution to this issue ?
Regards
Disclaimer
The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.
This email has been scanned for viruses and malware, and automatically archived by Mimecast SA (Pty) Ltd, an innovator in Software as a Service (SaaS) for business. Mimecast Unified Email Management (UEM) offers email continuity, security, archiving and compliance with all current legislation. To find out more, visit http://www.mimecast.co.za/uem.
More information about the samba
mailing list