[Samba] Mandatory Server Signing with Windows 7
Gaiseric Vandal
gaiseric.vandal at gmail.com
Thu Jan 8 07:45:07 MST 2015
The wiki page settings control a netlogon security setting. I guess
the "server signing" parameter applies to all the other traffic. But
my guess - and it is only a guess- is that requiring server signing is
causing the netlogon process to break since it does not support signing.
The e-mail chain you reference does not make it clear if the samba
instance is a domain controller or a standalone server.
You may want to increase logging level and look through the samba logs.
On 01/08/15 07:39, ali-reza.fahimi at schneider-electric.com wrote:
>
> In this mailing chain, Volker states that in order to enable server
> signing, I simply need to set server signing = mandatory.
> I do not understand why I cannot use it?
>
> https://lists.samba.org/archive/samba/2010-November/159265.html
>
>
> Inactive hide details for Gaiseric Vandal ---01/06/2015 11:46:05
> PM---I have not tried with a Samba 4.x DC. As far as I know SaGaiseric
> Vandal ---01/06/2015 11:46:05 PM---I have not tried with a Samba 4.x
> DC. As far as I know Samba 4.x does not have this limitation.
>
> De : Gaiseric Vandal <gaiseric.vandal at gmail.com>
> A : Ali-Reza FAHIMI/FRLAT01/Schneider/SEI at ATD, Samba
> <samba at lists.samba.org>,
> Date : 01/06/2015 11:46 PM
> Objet : Re: [Samba] Mandatory Server Signing with Windows 7
> Envoyé par : samba-bounces at lists.samba.org
>
> ------------------------------------------------------------------------
>
>
>
> I have not tried with a Samba 4.x DC. As far as I know Samba 4.x does
> not have this limitation.
>
>
> On 01/06/15 04:10, ali-reza.fahimi at schneider-electric.com wrote:
> >
> > Does this mean that we cannot use mandatory server signing in Samba 3?
> > What about the later versions? The problem is that lack of server
> > signing is considered a security hole.
> >
> >
> > Inactive hide details for Gaiseric Vandal ---01/05/2015 05:52:53
> > PM---I am fairly certain you do not want server signing = mandGaiseric
> > Vandal ---01/05/2015 05:52:53 PM---I am fairly certain you do not want
> > server signing = mandatory https://wiki.samba.org/index.php/Regi
> >
> > De : Gaiseric Vandal <gaiseric.vandal at gmail.com>
> > A : samba at lists.samba.org,
> > Date : 01/05/2015 05:52 PM
> > Objet : Re: [Samba] Mandatory Server Signing with Windows 7
> > Envoyé par : samba-bounces at lists.samba.org
> >
> > ------------------------------------------------------------------------
> >
> >
> >
> > I am fairly certain you do not want server signing = mandatory
> >
> >
> > https://wiki.samba.org/index.php/Registry_changes_for_NT4-style_domains
> >
> >
> >
> >
> >
> > On 01/05/15 11:31, ali-reza.fahimi at schneider-electric.com wrote:
> > >
> > >
> > > When I enable server signing in Samba (server signing = mandatory),
> > I can
> > > still join a Window 7 machine to the domain but I am no longer able
> > to log
> > > on into the domain using a domain user. Is this normal? I am using
> Samba
> > > 3.6.3 on Linux 12.04. Is there anything that needs to be configured
> > on the
> > > Windows machine?
> > >
> > > Thanks,
> > > Ali
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> > ______________________________________________________________________
> > This email has been scanned by the Symantec Email Security.cloud
> service.
> > ______________________________________________________________________
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> ______________________________________________________________________
>
More information about the samba
mailing list