[Samba] SMB Signing with "map to guest = " options

shivappa Sangapur ssangapur3 at gmail.com
Thu Feb 14 11:52:13 UTC 2019


Hi,

I'm using samba-4.7.x
I have some confusions over "map to guest=" options with setting SMB Signing
1. Set "*Server signing =auto*", "*map to guest=bad uid*" and set "client
signing in windows 2k12 server group policy" to "Microsoft network client:
Digitally sign communications (Always)” = *Disable*"
SMB_Server is joined to Windows 2k12 Active Directory with user01.
Windows PC is logged to windows 2k12 Activer Directory with user02.
I login to share of my SMB_Server from Windows client PC(where i logged with
user02),* it opens shares *without any popup on client PC.
Here NO signing is done.

2. Set "*Server signing =auto*", "*map to guest=bad uid*" and set "client
signing in windows 2k12 server group policy" to "Microsoft network client:
Digitally sign communications (Always)” = *Enable*"
SMB_Server is joined to Windows 2k12 Active Directory with user01.
Windows PC is logged to windows 2k12 Activer Directory with user02.
I login to share of my SMB_Server from Windows client PC(where i logged with
user02),* it fails to open shares.*
Here Signing is done but fails to open

3. Set "*Server signing =auto*", "*map to guest=never*" and set "client
signing in windows 2k12 server group policy" to "Microsoft network client:
Digitally sign communications (Always)” = *Disable*"
SMB_Server is joined to Windows 2k12 Active Directory with user01.
Windows PC is logged to windows 2k12 Activer Directory with user02.
I login to share of my SMB_Server from Windows client PC(where i logged with
*user02*),* it popups to enter credentials, after providing the use01 only
the shares opens*on client PC.
Here NO Signing.

4. Set "*Server signing =auto*", "*map to guest=never*" and set "client
signing in windows 2k12 server group policy" to "Microsoft network client:
Digitally sign communications (Always)” = *Enable*"
SMB_Server is joined to Windows 2k12 Active Directory with user01.
Windows PC is logged to windows 2k12 Activer Directory with user02.
I login to share of my SMB_Server from Windows client PC(where i logged with
user02),* it popups to enter credentials, after providing the use01 only the
shares opens*on client PC. (I know that only user01 is added in samba db)
Here, signing is done.

5. Set "*Server signing =mandatory*", "*map to guest=bad uid*" and set
"client signing in windows 2k12 server group policy" to "Microsoft network
client: Digitally sign communications (Always)” = *Enable*"
SMB_Server is joined to Windows 2k12 Active Directory with user01.
Windows PC is logged to windows 2k12 Activer Directory with user02.
I login to share of my SMB_Server from Windows client PC(where i logged with
user02),* it fails to open shares.*
Here Signing is done but fails to open


I want to understand why in case of *#2 and #5* it is not opening shares of
my smb-4.7.x shares,




--
Sent from: http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html



More information about the samba mailing list