[Samba] Digitally Signed Communications

Shaun Glass - Business Connexion Shaun.Glass at bcx.co.za
Tue Jun 25 04:05:20 MDT 2013


Dear All,

The below are snippets of the policies that are causing connection issues for me from Windows 7 workstations, connected to a Domain, to Samba Shares :

Microsoft network client: Digitally sign communications (always)    Enabled
Microsoft network client: Digitally sign communications (if server agrees)    Enabled

Microsoft network server: Digitally sign communications (always)    Disabled
Microsoft network server: Digitally sign communications (if client agrees)    Enabled

Now the above cannot be altered due to security audit requirements.

From troubleshooting it seems the following may also be relevant, but as before more than likely cannot be changed:

Network security: LAN Manager authentication level    Send NTLMv2 response only

Network security: Minimum session security for NTLM SSP based (including secure RPC) clients    Require NTLMv2 session security,Require 128-bit encryption
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers    Require NTLMv2 session security,Require 128-bit encryption

The Samba configuration is as follows :

[global]
        netbios name = SRV002769
        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
        idmap uid = 10000-50000
        winbind enum users = yes
        winbind gid = 10000-50000
        workgroup = MUD
        os level = 20
        winbind enum groups = yes
        socket address = 10.12.18.160
        password server = *
        preferred master = no
        winbind separator = +
        max log size = 50
        log file = /var/log/samba/log.%m
        dns proxy = no
        realm = MUD.INTERNAL.CO.ZA
        security = ADS
        wins server = 10.11.1.13
        wins proxy = no
        client use spnego = yes
        client ntlmv2 auth = yes
        encrypt passwords = yes
        server signing = yes
        client signing = yes

Error messages when trying to connect :

[2013/06/25 11:40:41, 0] lib/util_sock.c:read_data(540)
  read_data: read failure for 4 bytes to client 172.27.30.20. Error = Connection reset by peer

The Samba servers have been added to the Domain via "net ads join" and here is some version info :

Red Hat Enterprise Linux Server release 5.9 (Tikanga)

samba-3.0.33-3.39.el5_8
samba-common-3.0.33-3.39.el5_8

Anybody encountered a resolution to this issue ?

Regards
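
An added example, not part of the original post: a Python check of how SMB1 signing would be negotiated between the Windows client policy quoted above and the `server signing` value in an smb.conf. The value mapping and the Samba 3.0 default of disabled are assumptions taken from smb.conf(5), and all function names are hypothetical.

```python
"""SMB1 signing negotiation between a Windows client policy and smb.conf."""

# Assumption (smb.conf(5), Samba 3.0): yes/auto offer signing, mandatory requires it.
SIGNING_VALUES = {
    **dict.fromkeys(["no", "false", "0", "off", "disabled"], "disabled"),
    **dict.fromkeys(["yes", "true", "1", "on", "enabled", "auto"], "enabled"),
    **dict.fromkeys(["mandatory", "required", "force", "forced", "enforced"], "required"),
}
SAMBA30_DEFAULT = "disabled"  # assumption: 3.0 default when the line is absent

def parse_global(text):
    """Return [global] parameters; names lowercased with whitespace removed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.split()).lower()] = value.strip()
    return params

def server_state(params):
    """Map 'server signing' to disabled / enabled / required."""
    value = params.get("serversigning")
    if value is None:
        return SAMBA30_DEFAULT
    if value.lower() not in SIGNING_VALUES:
        raise ValueError(f"unknown server signing value: {value!r}")
    return SIGNING_VALUES[value.lower()]

def windows_state(always, if_agrees):
    """Map the two 'Digitally sign communications' policies to one state."""
    return "required" if always else ("enabled" if if_agrees else "disabled")

def smb1_outcome(client, server):
    """SMB1 rule: one side required + other disabled fails; both willing signs."""
    states = {client, server}
    if "required" in states and "disabled" in states:
        return "connection refused"
    return "unsigned" if "disabled" in states else "signed"

if __name__ == "__main__":
    # Constructed input: the signing line from the posted config, then without it.
    client = windows_state(always=True, if_agrees=True)  # client policy in the post
    for conf in ("[global]\n  server signing = yes\n", "[global]\n  security = ADS\n"):
        server = server_state(parse_global(conf))
        print(f"client={client} server={server} -> {smb1_outcome(client, server)}")
```
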

