[Samba] RequireSecuritySignature=1 and public share with guest not working

L.P.H. van Belle belle at bazuin.nl
Fri Mar 13 09:20:51 MDT 2015


Check the output of:

echo "\n" | testparm -vv | grep signing
and 
echo "\n" | testparm -vv | grep protocol 

For me the default is:
client max protocol = NT1

But I don't use signing.

But I "think" you need to set the client signing = mandatory
and 
client max protocol = SMB2 

( from man smb.conf ) 

But if anyone on the list knows this better, please correct me.
I'm not sure about this one, never used it.


Greetz, 

Louis


>-----Original message-----
>From: r.olszewski at ssc-services.de
>[mailto:samba-bounces at lists.samba.org] On behalf of Olszewski, Raphael
>Sent: Friday 13 March 2015 15:57
>To: samba at lists.samba.org
>Subject: Re: [Samba] RequireSecuritySignature=1 and public
>share with guest not working
>
>Hi Louis
>I explicitly have to change, on the win7 client, the parameter
>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
>from RequireSecuritySignature=0   =>   RequireSecuritySignature=1
>and then I have the problem.
>Before that, everything is working.
>All solutions on the web just tell me to set
>RequireSecuritySignature=0, but this is NOT the solution for
>me since I have to activate RequireSecuritySignature=1.
>My original question is: Why is it failing then? Or what do I
>have to do so that this works with RequireSecuritySignature=1?
>
>Raphael
>
>
>
>___________________________________________
>-----Original message-----
>From: L.P.H. van Belle [mailto:belle at bazuin.nl]
>Sent: Friday, 13 March 2015 11:22
>To: samba at lists.samba.org
>Subject: Re: [Samba] RequireSecuritySignature=1 and public
>share with guest not working
>
>Strange, I did not change anything in my Windows 7 64bit.
>This is my full setup, pretty basic.
>Ubuntu 14.04.2 LTS, Trusty Tahr, with sernet samba 4.1.17-9
>
>I do have 1 user for samba.
>
>pdbedit -L
>xbmc:5000:MediaUser
>
>[global]
>
>   workgroup = PRIVE
>   server string = %h server
>   dns proxy = yes
>;   name resolve order = lmhosts host wins bcast
>
>#### Networking ####
>#   interfaces = 127.0.0.0/8 eth0
>#   bind interfaces only = yes
>
>#### Debugging/Accounting ####
>   log file = /var/log/samba/log.%m
>   max log size = 1000
>   syslog = 0
>   panic action = /usr/share/samba/panic-action %d
>
>####### Authentication #######
>## stand alone everything open.
>   security = user
>   guest ok = yes
>   map to guest = bad password
>####
>   encrypt passwords = true
>   passdb backend = tdbsam
>   obey pam restrictions = yes
>   unix password sync = yes
>   passwd program = /usr/bin/passwd %u
>   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>   pam password change = yes
>
>
>########## Printing ##########
>    #---- disable printing completely
>    load printers = no
>    printing = bsd
>    printcap name = /dev/null
>    disable spoolss = yes
>
>#======================= Share Definitions =======================
>
>[homes]
>    comment = Home Directorie
>    browseable = no
>    read only = yes
>    valid users = %S
>
>[backups]
>    comment = Backups Share
>    path = /media/diverse/backups
>    force user = xbmc
>    read only = no
>    guest ok = yes
>
>
>
>>-----Original message-----
>>From: r.olszewski at ssc-services.de
>>[mailto:samba-bounces at lists.samba.org] On behalf of Olszewski, Raphael
>>Sent: Friday 13 March 2015 10:42
>>To: samba at lists.samba.org
>>Subject: Re: [Samba] RequireSecuritySignature=1 and public share with
>>guest not working
>>
>>Hi
>>I tried exactly your type of config.
>>
>>With "RequireSecuritySignature=0" the anon access is working as
>>expected.
>>As soon as I set "RequireSecuritySignature=1" it is not working
>>anymore.
>>
>>So the problem does not seem to be configuring the guest access, but
>>rather requiring the signing.
>>I thought it could be fixed with the right config, but did not find a
>>working combination.
>>
>>Do I have to set up certificates for the signing?
>>Or how will the messages be signed?
>>My guess is that the signing isn't working as expected ...
>>
>>Regards, Raphael
>>___________________________________________
>>-----Original message-----
>>From: L.P.H. van Belle [mailto:belle at bazuin.nl]
>>Sent: Friday, 13 March 2015 09:08
>>
>>Hi,
>>
>>Try these settings in global settings.
>>
>>####### Authentication #######
>>## stand alone everything open.
>>   security = user
>>   guest ok = yes
>>   map to guest = bad password
>>
>>Add these to the share.
>>guest ok = yes
>>
>>Sets Samba open without password prompt.
>>I use it at home for my kodi server.
>>
>>Greetz,
>>
>>Louis
>>
>>
>>>-----Original message-----
>>>From: r.olszewski at ssc-services.de
>>>[mailto:samba-bounces at lists.samba.org] On behalf of Olszewski, Raphael
>>>Sent: Thursday 12 March 2015 18:17
>>>
>>>Hello
>>>I have a Samba server with a public share. It was configured with
>>>security=share.
>>>Now I have to tighten security by setting those flags in the Windows
>>>client:
>>>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
>>>EnablePlainTextPassword=0
>>>EnableSecuritySignature=1
>>>RequireSecuritySignature=1
>>>
>>..
>>>
>>>The Client shows ReasonCode: 0x80004005. When I change the registry to
>>>RequireSecuritySignature=0, I can access
>>>
>>>How do I have to configure the smb-server to have a real public share for
>>>windows7-clients not being configured especially (domain,
>>>computer-account, user, ...)? Do I understand Security-signature wrong?
>>>Is this scenario possible without the samba server being joined to the
>>>domain? (What I wanted)
>>>
>>>Raphael
>>
>>
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>
>
>
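
As an added example (not part of the original message or of Samba itself): the two testparm | grep checks at the top of this reply, folded into one pass that also lists which shares allow guest access, so the signing, protocol and guest settings compared in the thread can be read together. The function name smb_signing_report and the sample configuration are constructed for illustration; on a live server feed it the output of `testparm -sv 2>/dev/null` instead.

```sh
#!/bin/sh
# Added example: summarise signing, protocol and guest settings from
# testparm-style output on stdin (constructed helper, not a Samba tool).
smb_signing_report() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }        # comments, blank lines
    /^[ \t]*\[.*\][ \t]*$/ {                    # [section] header
        section = tolower(trim($0))
        sub(/^\[/, "", section); sub(/\]$/, "", section); next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = trim(substr($0, eq + 1))
        seen[section] = 1
        if (section == "global") {
            if (key ~ /signing$/ || key ~ /protocol$/ || key == "map to guest")
                printf "global: %s = %s\n", key, val
            if (key == "guest ok") gdef = tolower(val)   # default for shares
        } else if (key == "guest ok") {
            guest[section] = tolower(val)
        }
    }
    END {
        for (s in seen) {
            if (s == "global") continue
            g = (s in guest) ? guest[s] : gdef
            if (g ~ /^(yes|true|1)$/) printf "guest-share: %s\n", s
        }
    }' | sort
}

# Constructed sample, modelled on the configuration quoted in the thread.
sample_conf() {
cat <<'EOF'
[global]
	client max protocol = NT1
	client signing = default
	map to guest = Bad Password
	server signing = default

[backups]
	guest ok = Yes

[private]
	guest ok = No
EOF
}

sample_conf | smb_signing_report
```
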


