[Samba] RequireSecuritySignature=1 and public share with guest not working
L.P.H. van Belle
belle at bazuin.nl
Fri Mar 13 09:20:51 MDT 2015
check the output of :
echo "\n" | testparm -vv | grep signing
and
echo "\n" | testparm -vv | grep protocol
for my the default is :
client max protocol = NT1
but i dont use signing.
but i "think" you need to set the client signing = manadatory
and
client max protocol = SMB2
( from man smb.conf )
but if anyone know this better on the list, please correct me.
Im not sure in this one, never used it..
Greetz,
Louis
>-----Oorspronkelijk bericht-----
>Van: r.olszewski at ssc-services.de
>[mailto:samba-bounces at lists.samba.org] Namens Olszewski, Raphael
>Verzonden: vrijdag 13 maart 2015 15:57
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] RequireSecuritySignature=1 and public
>share with guest not working
>
>Hi Louis
>I explicitly have to change on win7-client the parameter
>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWor
>kstation\Parameters]
>from RequireSecuritySignature=0 => RequireSecuritySignature=1
>and then I have the problem.
>Before everything is working.
>All solutions in the wide web just tell me to set
>RequireSecuritySignature=0, but this is NOT the solution for
>me since I have to activate RequireSecuritySignature=1
>My question originally is: Why it is failing then? Or what I
>have to do, that this is working with RequireSecuritySignature=1?
>
>Raphael
>
>
>
>___________________________________________
>-----Ursprüngliche Nachricht-----
>Von: L.P.H. van Belle [mailto:belle at bazuin.nl]
>Gesendet: Freitag, 13. März 2015 11:22
>An: samba at lists.samba.org
>Betreff: Re: [Samba] RequireSecuritySignature=1 and public
>share with guest not working
>
>strange i did not change anything in my windows 7 64bit.
>This is my full setup pretty basic.
>Ubuntu 14.04.2 LTS, Trusty Tahr, with sernet samba 4.1.17-9
>
>I do have 1 user for samba.
>
>pdbedit -L
>xbmc:5000:MediaUser
>
>[global]
>
> workgroup = PRIVE
> server string = %h server
> dns proxy = yes
>; name resolve order = lmhosts host wins bcast
>
>#### Networking ####
># interfaces = 127.0.0.0/8 eth0
># bind interfaces only = yes
>
>#### Debugging/Accounting ####
> log file = /var/log/samba/log.%m
> max log size = 1000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
>
>####### Authentication #######
>## stand alone everything open.
> security = user
> guest ok = yes
> map to guest = bad password
>####
> encrypt passwords = true
> passdb backend = tdbsam
> obey pam restrictions = yes
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
>*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> pam password change = yes
>
>
>########## Printing ##########
> #---- disable printing completely
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
>#======================= Share Definitions =======================
>
>[homes]
> comment = Home Directorie
> browseable = no
> read only = yes
> valid users = %S
>
>[backups]
> comment = Backups Share
> path = /media/diverse/backups
> force user = xbmc
> read only = no
> guest ok = yes
>
>
>
>>-----Oorspronkelijk bericht-----
>>Van: r.olszewski at ssc-services.de
>>[mailto:samba-bounces at lists.samba.org] Namens Olszewski, Raphael
>>Verzonden: vrijdag 13 maart 2015 10:42
>>Aan: samba at lists.samba.org
>>Onderwerp: Re: [Samba] RequireSecuritySignature=1 and public
>share with
>>guest not working
>>
>>Hi
>>I tried exactly your type of config.
>>
>>With "RequireSecuritySignature=0" the anon access is working like
>>expected.
>>As soon, as I set "RequireSecuritySignature=1" it is not working
>>anymore.
>>
>>So it seem to be not the problem to configure the guest-access. But
>>seems the problem with requiring the signing.
>>Thought it can be fixed with the right config, but did not find a
>>working combination.
>>
>>Do i have to setup certificates for the signing?
>>Or how the messages will be signed?
>>My guess is, that the signing isn't working like expected ...
>>
>>Gruß Raphael
>>___________________________________________
>>-----Ursprüngliche Nachricht-----
>>Von: L.P.H. van Belle [mailto:belle at bazuin.nl]
>>Gesendet: Freitag, 13. März 2015 09:08
>>
>>Hai,
>>
>>Try these settings in global settings.
>>
>>####### Authentication #######
>>## stand alone everything open.
>> security = user
>> guest ok = yes
>> map to guest = bad password
>>
>>add these to the share.
>>guest ok = yes
>>
>>Sets samba open without pasword prompt.
>>I use it at home for my kodi server.
>>
>>Greetz,
>>
>>Louis
>>
>>
>>>-----Oorspronkelijk bericht-----
>>>Van: r.olszewski at ssc-services.de
>>>[mailto:samba-bounces at lists.samba.org] Namens Olszewski, Raphael
>>>Verzonden: donderdag 12 maart 2015 18:17
>>>
>>>Hello
>>>I have an samba server with a public share. It was configured with
>>>security=share.
>>>Now I have to tight security with setting those flags in the windows
>>>client:
>>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWor
>>>kstation\Parameters]
>>>EnablePlainTextPassword=0
>>>EnableSecuritySignature=1
>>>RequireSecuritySignature=1
>>>
>>..
>>>
>>>The Client shows ReasonCode: 0x80004005 When I change registry to
>>>RequireSecuritySignature=0, I can access
>>>
>>>How I have to configure the smb-server to have a real public
>share for
>>>windows7-clients not being configured especially (domain,
>>>computer-account, user, ...) Do I understand
>Security-signature wrong?
>>>Is this scenario possible without being the samba server
>joined to the
>>>domain? (What I wanted)
>>>
>>>Raphael
>>
>>
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions: https://lists.samba.org/mailman/options/samba
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list