shivappa Sangapur
2019-Feb-14 11:52 UTC
[Samba] SMB Signing with "map to guest = " options
Hi, I'm using samba-4.7.x I have some confusions over "map to guest=" options with setting SMB Signing 1. Set "*Server signing =auto*", "*map to guest=bad uid*" and set "client signing in windows 2k12 server group policy" to "Microsoft network client: Digitally sign communications (Always)” = *Disable*" SMB_Server is joined to Windows 2k12 Active Directory with user01. Windows PC is logged to windows 2k12 Activer Directory with user02. I login to share of my SMB_Server from Windows client PC(where i logged with user02),* it opens shares *without any popup on client PC. Here NO signing is done. 2. Set "*Server signing =auto*", "*map to guest=bad uid*" and set "client signing in windows 2k12 server group policy" to "Microsoft network client: Digitally sign communications (Always)” = *Enable*" SMB_Server is joined to Windows 2k12 Active Directory with user01. Windows PC is logged to windows 2k12 Activer Directory with user02. I login to share of my SMB_Server from Windows client PC(where i logged with user02),* it fails to open shares.* Here Signing is done but fails to open 3. Set "*Server signing =auto*", "*map to guest=never*" and set "client signing in windows 2k12 server group policy" to "Microsoft network client: Digitally sign communications (Always)” = *Disable*" SMB_Server is joined to Windows 2k12 Active Directory with user01. Windows PC is logged to windows 2k12 Activer Directory with user02. I login to share of my SMB_Server from Windows client PC(where i logged with *user02*),* it popups to enter credentials, after providing the use01 only the shares opens*on client PC. Here NO Signing. 4. Set "*Server signing =auto*", "*map to guest=never*" and set "client signing in windows 2k12 server group policy" to "Microsoft network client: Digitally sign communications (Always)” = *Enable*" SMB_Server is joined to Windows 2k12 Active Directory with user01. Windows PC is logged to windows 2k12 Activer Directory with user02. I login to share of my SMB_Server from Windows client PC(where i logged with user02),* it popups to enter credentials, after providing the use01 only the shares opens*on client PC. (I know that only user01 is added in samba db) Here, signing is done. 5. Set "*Server signing =mandatory*", "*map to guest=bad uid*" and set "client signing in windows 2k12 server group policy" to "Microsoft network client: Digitally sign communications (Always)” = *Enable*" SMB_Server is joined to Windows 2k12 Active Directory with user01. Windows PC is logged to windows 2k12 Activer Directory with user02. I login to share of my SMB_Server from Windows client PC(where i logged with user02),* it fails to open shares.* Here Signing is done but fails to open I want to understand why in case of *#2 and #5* it is not opening shares of my smb-4.7.x shares, -- Sent from: http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html
On Thu, 14 Feb 2019 05:52:13 -0600 (CST) shivappa Sangapur via samba <samba at lists.samba.org> wrote:> Hi, > > I'm using samba-4.7.x > I have some confusions over "map to guest=" options with setting SMB > Signing 1. Set "*Server signing =auto*", "*map to guest=bad uid*" and > set "client signing in windows 2k12 server group policy" to > "Microsoft network client: Digitally sign communications (Always)” > *Disable*" SMB_Server is joined to Windows 2k12 Active Directory with > user01. Windows PC is logged to windows 2k12 Activer Directory with > user02. I login to share of my SMB_Server from Windows client > PC(where i logged with user02),* it opens shares *without any popup > on client PC. Here NO signing is done. > > 2. Set "*Server signing =auto*", "*map to guest=bad uid*" and set > "client signing in windows 2k12 server group policy" to "Microsoft > network client: Digitally sign communications (Always)” = *Enable*" > SMB_Server is joined to Windows 2k12 Active Directory with user01. > Windows PC is logged to windows 2k12 Activer Directory with user02. > I login to share of my SMB_Server from Windows client PC(where i > logged with user02),* it fails to open shares.* > Here Signing is done but fails to open > > 3. Set "*Server signing =auto*", "*map to guest=never*" and set > "client signing in windows 2k12 server group policy" to "Microsoft > network client: Digitally sign communications (Always)” = *Disable*" > SMB_Server is joined to Windows 2k12 Active Directory with user01. > Windows PC is logged to windows 2k12 Activer Directory with user02. > I login to share of my SMB_Server from Windows client PC(where i > logged with *user02*),* it popups to enter credentials, after > providing the use01 only the shares opens*on client PC. > Here NO Signing. > > 4. Set "*Server signing =auto*", "*map to guest=never*" and set > "client signing in windows 2k12 server group policy" to "Microsoft > network client: Digitally sign communications (Always)” = *Enable*" > SMB_Server is joined to Windows 2k12 Active Directory with user01. > Windows PC is logged to windows 2k12 Activer Directory with user02. > I login to share of my SMB_Server from Windows client PC(where i > logged with user02),* it popups to enter credentials, after providing > the use01 only the shares opens*on client PC. (I know that only > user01 is added in samba db) Here, signing is done. > > 5. Set "*Server signing =mandatory*", "*map to guest=bad uid*" and set > "client signing in windows 2k12 server group policy" to "Microsoft > network client: Digitally sign communications (Always)” = *Enable*" > SMB_Server is joined to Windows 2k12 Active Directory with user01. > Windows PC is logged to windows 2k12 Activer Directory with user02. > I login to share of my SMB_Server from Windows client PC(where i > logged with user02),* it fails to open shares.* > Here Signing is done but fails to open > > > I want to understand why in case of *#2 and #5* it is not opening > shares of my smb-4.7.x shares, >Please post your smb.conf AND seeing as you didn't understand it when I replied to your first post Please post your smb.conf Rowland
Here is my smb.conf [global] workgroup=TEST server string=SMBServ netbios name=SHIVASMB realm=TEST.LOCAL log level=1 log filemax log size=2000 max smbd processes=100 security=ADS password server=10.10.1.5 wins support=no client NTLMv2 auth=Yes wins proxy=no server max protocol=SMB3 client max protocol=SMB3 dns proxy=no wins server=192.168.4.124, 0.0.0.0 name resolve order=lmhosts host wins bcast map to guest=bad uid guest account=root encrypt passwords=yes ntlm auth=yes server signing=auto client signing=auto [Home] path=/home/shiva/ browseable=yes writeable=no public=no guest ok=yes available=1 [Personal] path=/home/data/ browseable=yes writeable=no public=no guest ok=yes available=1> On Feb 14, 2019, at 17:35, Rowland Penny <rpenny at samba.org> wrote: > > On Thu, 14 Feb 2019 05:52:13 -0600 (CST) > shivappa Sangapur via samba <samba at lists.samba.org> wrote: > >> Hi, >> >> I'm using samba-4.7.x >> I have some confusions over "map to guest=" options with setting SMB >> Signing 1. Set "*Server signing =auto*", "*map to guest=bad uid*" and >> set "client signing in windows 2k12 server group policy" to >> "Microsoft network client: Digitally sign communications (Always)” >> *Disable*" SMB_Server is joined to Windows 2k12 Active Directory with >> user01. Windows PC is logged to windows 2k12 Activer Directory with >> user02. I login to share of my SMB_Server from Windows client >> PC(where i logged with user02),* it opens shares *without any popup >> on client PC. Here NO signing is done. >> >> 2. Set "*Server signing =auto*", "*map to guest=bad uid*" and set >> "client signing in windows 2k12 server group policy" to "Microsoft >> network client: Digitally sign communications (Always)” = *Enable*" >> SMB_Server is joined to Windows 2k12 Active Directory with user01. >> Windows PC is logged to windows 2k12 Activer Directory with user02. >> I login to share of my SMB_Server from Windows client PC(where i >> logged with user02),* it fails to open shares.* >> Here Signing is done but fails to open >> >> 3. Set "*Server signing =auto*", "*map to guest=never*" and set >> "client signing in windows 2k12 server group policy" to "Microsoft >> network client: Digitally sign communications (Always)” = *Disable*" >> SMB_Server is joined to Windows 2k12 Active Directory with user01. >> Windows PC is logged to windows 2k12 Activer Directory with user02. >> I login to share of my SMB_Server from Windows client PC(where i >> logged with *user02*),* it popups to enter credentials, after >> providing the use01 only the shares opens*on client PC. >> Here NO Signing. >> >> 4. Set "*Server signing =auto*", "*map to guest=never*" and set >> "client signing in windows 2k12 server group policy" to "Microsoft >> network client: Digitally sign communications (Always)” = *Enable*" >> SMB_Server is joined to Windows 2k12 Active Directory with user01. >> Windows PC is logged to windows 2k12 Activer Directory with user02. >> I login to share of my SMB_Server from Windows client PC(where i >> logged with user02),* it popups to enter credentials, after providing >> the use01 only the shares opens*on client PC. (I know that only >> user01 is added in samba db) Here, signing is done. >> >> 5. Set "*Server signing =mandatory*", "*map to guest=bad uid*" and set >> "client signing in windows 2k12 server group policy" to "Microsoft >> network client: Digitally sign communications (Always)” = *Enable*" >> SMB_Server is joined to Windows 2k12 Active Directory with user01. >> Windows PC is logged to windows 2k12 Activer Directory with user02. >> I login to share of my SMB_Server from Windows client PC(where i >> logged with user02),* it fails to open shares.* >> Here Signing is done but fails to open >> >> >> I want to understand why in case of *#2 and #5* it is not opening >> shares of my smb-4.7.x shares, >> > > Please post your smb.conf > > AND seeing as you didn't understand it when I replied to your first post > > Please post your smb.conf > > Rowland >