[Samba] Windows server parameter equivalent to “server schannel = no”

Rowland penny rpenny at samba.org
Thu Nov 14 20:38:28 UTC 2019

On 14/11/2019 19:48, Pablo Sanz Fernández via samba wrote:
> Hi,
> We have successfully upgraded from samba 4.4.3 to samba 4.9.13 as AD controller with your very helpfully advice.
> When we finished the upgrade process, and with all servers fully working, including printer and shares servers, we did have to add the “server schannel = no” parameter to smb.conf because of a EMC Unity NAS that was giving secure channel error on user validation. After that change everything was working great.
> Now we want to add to that samba 4.9.13 AD domain a Windows 2008R2 as additional domain controller. And is happening again the same “secure channel” errors on the EMC Unity NAS.
> Do you know what is the equivalent parameter in the windows server registry for the samba “server schannel = no”?
> Regards,
> Pablo Sanz

Ouch, that NAS must be old, if you consult 'man smb.conf' about 'server 
schannel' it says this:

Please note that with this set to no, you will have to apply the 
WindowsXP WinXP_SignOrSeal.reg registry patch found in the docs/registry 
subdirectory of the Samba distribution tarball.

Problem is, the '/docs' directory no longer exists, never mind the patch.

I had to go back to Samba 3.0.9 before I found the patch, which refers 
to sign or seal, so I don't really think you want to mess with that ;-)

'server schannel' has been marked as deprecated and could be removed at 
any time, so I think you need to fix your NAS if possible, either that 
or replace it.


More information about the samba mailing list