Pablo Sanz Fernández
2019-Nov-14 19:48 UTC
[Samba] Windows server parameter equivalent to “server schannel = no”
Hi, We have successfully upgraded from samba 4.4.3 to samba 4.9.13 as AD controller with your very helpfully advice. When we finished the upgrade process, and with all servers fully working, including printer and shares servers, we did have to add the ?server schannel = no? parameter to smb.conf because of a EMC Unity NAS that was giving secure channel error on user validation. After that change everything was working great. Now we want to add to that samba 4.9.13 AD domain a Windows 2008R2 as additional domain controller. And is happening again the same ?secure channel? errors on the EMC Unity NAS. Do you know what is the equivalent parameter in the windows server registry for the samba ?server schannel = no?? Regards, Pablo Sanz
Rowland penny
2019-Nov-14 20:38 UTC
[Samba] Windows server parameter equivalent to “server schannel = no”
On 14/11/2019 19:48, Pablo Sanz Fern?ndez via samba wrote:> Hi, > > We have successfully upgraded from samba 4.4.3 to samba 4.9.13 as AD controller with your very helpfully advice. > > When we finished the upgrade process, and with all servers fully working, including printer and shares servers, we did have to add the ?server schannel = no? parameter to smb.conf because of a EMC Unity NAS that was giving secure channel error on user validation. After that change everything was working great. > > Now we want to add to that samba 4.9.13 AD domain a Windows 2008R2 as additional domain controller. And is happening again the same ?secure channel? errors on the EMC Unity NAS. > > Do you know what is the equivalent parameter in the windows server registry for the samba ?server schannel = no?? > > Regards, > > Pablo SanzOuch, that NAS must be old, if you consult 'man smb.conf' about 'server schannel' it says this: Please note that with this set to no, you will have to apply the WindowsXP WinXP_SignOrSeal.reg registry patch found in the docs/registry subdirectory of the Samba distribution tarball. Problem is, the '/docs' directory no longer exists, never mind the patch. I had to go back to Samba 3.0.9 before I found the patch, which refers to sign or seal, so I don't really think you want to mess with that ;-) 'server schannel' has been marked as deprecated and could be removed at any time, so I think you need to fix your NAS if possible, either that or replace it. Rowland