[Samba] Windows server parameter equivalent to “server schannel = no”
rpenny at samba.org
Thu Nov 14 20:38:28 UTC 2019
On 14/11/2019 19:48, Pablo Sanz Fernández via samba wrote:
> We have successfully upgraded from samba 4.4.3 to samba 4.9.13 as AD controller with your very helpfully advice.
> When we finished the upgrade process, and with all servers fully working, including printer and shares servers, we did have to add the “server schannel = no” parameter to smb.conf because of a EMC Unity NAS that was giving secure channel error on user validation. After that change everything was working great.
> Now we want to add to that samba 4.9.13 AD domain a Windows 2008R2 as additional domain controller. And is happening again the same “secure channel” errors on the EMC Unity NAS.
> Do you know what is the equivalent parameter in the windows server registry for the samba “server schannel = no”?
> Pablo Sanz
Ouch, that NAS must be old, if you consult 'man smb.conf' about 'server
schannel' it says this:
Please note that with this set to no, you will have to apply the
WindowsXP WinXP_SignOrSeal.reg registry patch found in the docs/registry
subdirectory of the Samba distribution tarball.
Problem is, the '/docs' directory no longer exists, never mind the patch.
I had to go back to Samba 3.0.9 before I found the patch, which refers
to sign or seal, so I don't really think you want to mess with that ;-)
'server schannel' has been marked as deprecated and could be removed at
any time, so I think you need to fix your NAS if possible, either that
or replace it.
More information about the samba