[Samba] Not working with Windows clients where "Digitally sign communications (always)" is enabled
Rowland Penny
rpenny at samba.org
Mon Oct 29 11:13:01 UTC 2018
On Mon, 29 Oct 2018 18:42:00 +0800
Jyunhao Shih via samba <samba at lists.samba.org> wrote:
> Samba version: 4.7.6
> OS: Ubuntu 18.04.1 server
> Client: Windows 7 SP1 (Traditional Chinese)
>
> Problem:
> Normally, a client can connect to [homes] share on server.
> (I type \\serverIP\my_user_name and press enter,
> the username/password dialog pops up,
> I input those of my Ubuntu user,
> and the contents of my home dir on the server reveal.)
> But when Win7 is configured with this setting enabled,
> Computer Configuration\Windows Settings\Security Settings\Local
> Policies\Security Options\Microsoft network client: Digitally sign
> communications (always)
> (due to a recent change of security policies where I work),
> no dialog pops up, only an error message, whose English equivalent I
> believe is
> "The account is not authorized to log in from this station."
>
> Successful log.clientIP: https://pastebin.com/HD6ZmscP
> Successful log.smbd: https://pastebin.com/Xy9HHuwB
> Failed log.clientIP: https://pastebin.com/D7gF7G2K
> Failed log.smbd: https://pastebin.com/03nwg48t
> smb.conf: https://pastebin.com/XE6FwDGi
>
> I greatly appreciate any help.
It looks like the Samba 'standalone server' doesn't know who your user
is. You have 'map to guest = bad user' in smb.conf, but have denied
guest access to the shares, so you cannot connect as a guest user.
Are the Windows machines in a domain ?
If they are, it would probably be a good idea to join the 'standalone
server' to the domain.
Rowland
More information about the samba
mailing list