Bill Chockla
2012-Sep-26 16:04 UTC
[Samba] Fw: Connection fails with Server/Client Signing = Mandatory
Hello, Has anyone had a chance to review this question? Thank you, Bill ----- Forwarded by Bill Chockla/Durham/Contr/IBM on 09/26/2012 10:04 AM ----- From: Bill Chockla/Durham/Contr/IBM To: samba at samba.org, Date: 09/10/2012 12:52 PM Subject: Connection fails with Server/Client Signing = Mandatory Hello, When I add "server signing = mandatory" to my smb.conf file (AIX V6.1, 6100-04-11-1140 running Samba v3.6.5) that has "encrypt passwords = no", my windows client no longer can connect. It fails with system error 64. The windows system is running XP vers 2002 with service pack 3. The security settings are set to: Microsoft network client: Digitally sign communications (always) Disabled Microsoft network client: Digitally sign communications (if server agrees) Enabled Microsoft network client: Send unencrypted password to third-party SMB servers Enabled Microsoft network server: Amount of idle time required before suspending session 15 minutes Microsoft network server: Digitally sign communications (always) Disabled Microsoft network server: Digitally sign communications (if client agrees) Disabled Microsoft network server: Disconnect clients when logon hours expire Enabled Like wise, when I add "server signing = mandatory" to my smb.conf file that has "encrypt passwords = yes" (and "passdb backend = smbpasswd" with valid id/password in the smbpasswd file), my AIX client no longer can connect. I have added "client signing = mandatory" to smb.conf also and get the same results (unencrypted: windows clients cannot connect. encrypted: aix clients cannot connect). Are there any known problems in v3.6.5 related to these connection problems? Are there any fixes in newer releases? I have logs with debug level 5 for the connection problem sequences if someone needs that information. I can ftp them if someone can give me an ftp site, id/password. Thank you in advance for your help! Bill Chockla
hceuterpe at gmail.com
2012-Sep-29 02:31 UTC
[Samba] Fw: Connection fails with Server/Client Signing = Mandatory
I see an issue with this line Microsoft network client: Digitally sign communications (always) Disabled Set both that and the network server policy as enabled and see what happens. Setting that as disabled only makes sense if the samba setting is still set to auto. Otherwise, it appears conflicting. On Sep 26, 2012 11:06 AM, "Bill Chockla" <chockla at us.ibm.com> wrote:> > > Hello, > Has anyone had a chance to review this question? > Thank you, > Bill > > ----- Forwarded by Bill Chockla/Durham/Contr/IBM on 09/26/2012 10:04 AM > ----- > > From: Bill Chockla/Durham/Contr/IBM > To: samba at samba.org, > Date: 09/10/2012 12:52 PM > Subject: Connection fails with Server/Client Signing = Mandatory > > > Hello, > When I add "server signing = mandatory" to my smb.conf file (AIX V6.1, > 6100-04-11-1140 running Samba v3.6.5) that has "encrypt passwords = no", my > windows client no longer can connect. It fails with system error 64. > > The windows system is running XP vers 2002 with service pack 3. The > security settings are set to: > Microsoft network client: Digitally sign communications (always) > Disabled > Microsoft network client: Digitally sign communications (if server > agrees) Enabled > Microsoft network client: Send unencrypted password to third-party > SMB servers Enabled > Microsoft network server: Amount of idle time required before > suspending session 15 minutes > Microsoft network server: Digitally sign communications (always) > Disabled > Microsoft network server: Digitally sign communications (if client > agrees) Disabled > Microsoft network server: Disconnect clients when logon hours > expire > Enabled > > Like wise, when I add "server signing = mandatory" to my smb.conf file that > has "encrypt passwords = yes" (and "passdb backend = smbpasswd" with valid > id/password in the smbpasswd file), my AIX client no longer can connect. > > I have added "client signing = mandatory" to smb.conf also and get the same > results (unencrypted: windows clients cannot connect. encrypted: aix > clients cannot connect). > > Are there any known problems in v3.6.5 related to these connection > problems? Are there any fixes in newer releases? > > I have logs with debug level 5 for the connection problem sequences if > someone needs that information. I can ftp them if someone can give me an > ftp site, id/password. > Thank you in advance for your help! > Bill Chockla > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
hceuterpe at gmail.com
2012-Sep-29 02:34 UTC
[Samba] Fw: Connection fails with Server/Client Signing = Mandatory
One more thing to add: I'm pretty sure you cannot force signing and still send unencrypted passwords to third party SMB servers (which Samba is): Microsoft network client: Send unencrypted password to third-party SMB servers Enabled Otherwise that also seems to conflict... On Sep 26, 2012 11:06 AM, "Bill Chockla" <chockla at us.ibm.com> wrote:> > > Hello, > Has anyone had a chance to review this question? > Thank you, > Bill > > ----- Forwarded by Bill Chockla/Durham/Contr/IBM on 09/26/2012 10:04 AM > ----- > > From: Bill Chockla/Durham/Contr/IBM > To: samba at samba.org, > Date: 09/10/2012 12:52 PM > Subject: Connection fails with Server/Client Signing = Mandatory > > > Hello, > When I add "server signing = mandatory" to my smb.conf file (AIX V6.1, > 6100-04-11-1140 running Samba v3.6.5) that has "encrypt passwords = no", my > windows client no longer can connect. It fails with system error 64. > > The windows system is running XP vers 2002 with service pack 3. The > security settings are set to: > Microsoft network client: Digitally sign communications (always) > Disabled > Microsoft network client: Digitally sign communications (if server > agrees) Enabled > Microsoft network client: Send unencrypted password to third-party > SMB servers Enabled > Microsoft network server: Amount of idle time required before > suspending session 15 minutes > Microsoft network server: Digitally sign communications (always) > Disabled > Microsoft network server: Digitally sign communications (if client > agrees) Disabled > Microsoft network server: Disconnect clients when logon hours > expire > Enabled > > Like wise, when I add "server signing = mandatory" to my smb.conf file that > has "encrypt passwords = yes" (and "passdb backend = smbpasswd" with valid > id/password in the smbpasswd file), my AIX client no longer can connect. > > I have added "client signing = mandatory" to smb.conf also and get the same > results (unencrypted: windows clients cannot connect. encrypted: aix > clients cannot connect). > > Are there any known problems in v3.6.5 related to these connection > problems? Are there any fixes in newer releases? > > I have logs with debug level 5 for the connection problem sequences if > someone needs that information. I can ftp them if someone can give me an > ftp site, id/password. > Thank you in advance for your help! > Bill Chockla > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Seemingly Similar Threads
- Connection fails with Server/Client Signing = Mandatory
- Two attempts required to join domain
- Access to Samba-Shares with "sign communications = mandatory"
- Low performance when using "server signing" = "mandatory"
- SMB 3.0 & W2003: cli_negprot: SMB signing is mandatory ...