[Samba] RequireSecuritySignature=1 and public share with guest not working

Olszewski, Raphael r.olszewski at ssc-services.de
Fri Mar 13 08:57:02 MDT 2015 

Hi Louis
I explicitly have to change on win7-client the parameter [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
from RequireSecuritySignature=0   =>   RequireSecuritySignature=1
and then I have the problem.
Before everything is working.
All solutions in the wide web just tell me to set RequireSecuritySignature=0, but this is NOT the solution for me since I have to activate RequireSecuritySignature=1
My question originally is: Why it is failing then? Or what I have to do, that this is working with RequireSecuritySignature=1?

Raphael



___________________________________________
-----Ursprüngliche Nachricht-----
Von: L.P.H. van Belle [mailto:belle at bazuin.nl]
Gesendet: Freitag, 13. März 2015 11:22
An: samba at lists.samba.org
Betreff: Re: [Samba] RequireSecuritySignature=1 and public share with guest not working

strange i did not change anything in my windows 7 64bit.
This is my full setup pretty basic.
Ubuntu 14.04.2 LTS, Trusty Tahr, with sernet samba 4.1.17-9

I do have 1 user for samba.

pdbedit -L
xbmc:5000:MediaUser

[global]

   workgroup = PRIVE
   server string = %h server
   dns proxy = yes
;   name resolve order = lmhosts host wins bcast

#### Networking ####
#   interfaces = 127.0.0.0/8 eth0
#   bind interfaces only = yes

#### Debugging/Accounting ####
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d

####### Authentication #######
## stand alone everything open.
   security = user
   guest ok = yes
   map to guest = bad password
####
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes


########## Printing ##########
    #---- disable printing completely
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes

#======================= Share Definitions =======================

[homes]
    comment = Home Directorie
    browseable = no
    read only = yes
    valid users = %S

[backups]
    comment = Backups Share
    path = /media/diverse/backups
    force user = xbmc
    read only = no
    guest ok = yes



>-----Oorspronkelijk bericht-----
>Van: r.olszewski at ssc-services.de
>[mailto:samba-bounces at lists.samba.org] Namens Olszewski, Raphael
>Verzonden: vrijdag 13 maart 2015 10:42
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] RequireSecuritySignature=1 and public share with
>guest not working
>
>Hi
>I tried exactly your type of config.
>
>With "RequireSecuritySignature=0" the anon access is working like
>expected.
>As soon, as I set "RequireSecuritySignature=1" it is not working
>anymore.
>
>So it seem to be not the problem to configure the guest-access. But
>seems the problem with requiring the signing.
>Thought it can be fixed with the right config, but did not find a
>working combination.
>
>Do i have to setup certificates for the signing?
>Or how the messages will be signed?
>My guess is, that the signing isn't working like expected ...
>
>Gruß Raphael
>___________________________________________
>-----Ursprüngliche Nachricht-----
>Von: L.P.H. van Belle [mailto:belle at bazuin.nl]
>Gesendet: Freitag, 13. März 2015 09:08
>
>Hai,
>
>Try these settings in global settings.
>
>####### Authentication #######
>## stand alone everything open.
>   security = user
>   guest ok = yes
>   map to guest = bad password
>
>add these to the share.
>guest ok = yes
>
>Sets samba open without pasword prompt.
>I use it at home for my kodi server.
>
>Greetz,
>
>Louis
>
>
>>-----Oorspronkelijk bericht-----
>>Van: r.olszewski at ssc-services.de
>>[mailto:samba-bounces at lists.samba.org] Namens Olszewski, Raphael
>>Verzonden: donderdag 12 maart 2015 18:17
>>
>>Hello
>>I have an samba server with a public share. It was configured with
>>security=share.
>>Now I have to tight security with setting those flags in the windows
>>client:
>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWor
>>kstation\Parameters]
>>EnablePlainTextPassword=0
>>EnableSecuritySignature=1
>>RequireSecuritySignature=1
>>
>..
>>
>>The Client shows ReasonCode: 0x80004005 When I change registry to
>>RequireSecuritySignature=0, I can access
>>
>>How I have to configure the smb-server to have a real public share for
>>windows7-clients not being configured especially (domain,
>>computer-account, user, ...) Do I understand Security-signature wrong?
>>Is this scenario possible without being the samba server joined to the
>>domain? (What I wanted)
>>
>>Raphael
>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list