Mount win2k3 share with smbmount? Kernel packet signing

christophe nowicki cscm at meuh.dyndns.org
Fri Feb 6 08:23:24 GMT 2004 

Hi girls,

I have a Debian GNU/Linux box at a client site that needs to mount a win2k3
server share. I'have join the active directory domain with net join.
I can access the share and retrive files using smbclient but when I try
to mount the share with the smbmount command I get the following error :

<18> <ttypts/1> [Fri Feb 06 08:40:17] root at jose:/mnt
1>mount -t smbfs -o username=Administrator,password=mmmmmmmmmmmeeeuuh //KYO/Public /mnt
cli_negprot: SMB signing is mandatory and we have disabled it.
3141: protocol negotiation failed
SMB connection failed

I'have googled a while and found some messages on the samba mailing list :
http://www.mail-archive.com/samba@lists.samba.org/msg31564.html
http://www.spinics.net/lists/samba/msg07787.html
http://lists.samba.org/archive/samba/2003-December/076386.html

Ok nobody can mount thoses win2k3 shares ... it's microsoft
interoperability ...

So I looked at the samba source code. 
I found interisting thinks about this problem.

Protocol negociation failed in cli_negprot at source/libsmb/cliconnect.c:1077 

if (!cli->sign_info.allow_smb_signing) {
				DEBUG(0,("cli_negprot: SMB signing is mandatory and we
have disabled it.\n"));
				return False;
			}
This fonction is called by do_connection at source/client/smbmount.c:191

if (!cli_negprot(c)) {
	DEBUG(0,("%d: protocol negotiation failed\n", sys_getpid()));
	cli_shutdown(c);
	return NULL;

There is an interisting comment at line 168

/* The kernel doesn't yet know how to sign it's packets */
c->sign_info.allow_smb_signing = False;

What does it means? Can I readuce the security level of my win2k3 server
(nice joke ... security level with a windows machine :)) ?

Is it hard to code the packet signing in kernel space? Can someone give
me some informations about packet signing?

Thanks a lot

PS : sorry for my english. I'am not a native speaker :)

-- 
Meuuuhh elle fait la vache :))                       _(__)_        
Nowicki Christophe                                  '-e e -'__,--.__)
17, rue Saint Exupery                                (o_o)        )
77500 Chelles                                          \. /___.  |
Etudiant EPITECH Promo 2006                             ||| _)/_)/
http://etud.epita.fr/~nowick_c/nowick_c.asc             //_(/_(/_(
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20040206/7df4b401/attachment.bin

More information about the samba-technical mailing list