[Samba] Not working with Windows clients where "Digitally sign communications (always)" is enabled
Rowland Penny
rpenny at samba.org
Mon Oct 29 15:14:13 UTC 2018
On Mon, 29 Oct 2018 22:43:54 +0800
Jyunhao Shih via samba <samba at lists.samba.org> wrote:
> My Windows machine is not in any domain.
> And the exactly same configuration (map to guest = bad user, guest ok
> = no) works fine when the aforementioned Windows policy setting is not
> enabled. In that case Samba at first doesn't know who my user is,
> either. It lets Windows pop up a username/password dialog to ask me
> for another user credential. Only after I input correct one Windows
> successfully accesses the Samba share.
> In contrast, with "Digitally sign communications (always)" enabled, I
> have no chance to provide another user credential. Windows just shows
> the error message.
> Log files show that both cases first walked through the same process,
> getting user "user2" (that's the account name of my Windows user) and
> tried to use guest account. They began to do different things starting
> from line 223. And in the successful case at line 278 it got what I
> have input, my Ubuntu username "u634410".
> If I haven't got it wrong, supposing the failure is caused by map to
> guest = bad user and guest ok = no, it neither would have worked when
> the Windows policy setting is not enabled, right?
>
If you are not going to allow guest access, you might as well remove
the 'map to guest' line.
Try adding 'server signing = mandatory' in the [global] section of the
smb.conf file and restart Samba.
Rowland
More information about the samba
mailing list