samba - Apr 2004 - samba3 to Win 2003, signing mandatory but disabled?

I am trying to get samba working again, since my employer upgraded to a 
Windows Server 2003.

I have installed samba-3.0.2a-1_rh9.i386.rpm to my Linux (RedHat 9) system.

I can connect to other machines in my domain, read/write files, etc. When I 
try smbmount on the Windows server, I get this error:

cli_negprot: SMB signing is mandatory and we have disabled it.

I have tried enabling SMB signing by combinations such as:
  client signing = yes
  server signing = yes

Could there be something about how samba was compiled, or a setting on the 
server? Could I need to reset and re-join the domain? Could the server be 
doing "Active Directory" stuff, and the client not configured for it?
Do I
have to kerberos 5 simply to mount server shares, and does it change 
anything if I need to share my folders?


-------working output to list shares available--------
$ smbclient -L ntserver
Password:
Domain=[ROBOTRONICS] OS=[Windows Server 2003 3790] Server=[Windows Server 
2003 5.2]

        Sharename      Type      Comment
        ---------      ----      -------
        Gold2          Disk
        tsweb          Disk
        COVERPG$       Disk
... (and so on)



-------output from `testparm -v`---------
# Global parameters
[global]
	dos charset = CP850
	unix charset = UTF-8
	display charset = LOCALE
	workgroup = ROBOTRONICS
	realm 	netbios name = DESIGN2
	netbios aliases 	netbios scope 	server string = Software development
	interfaces 	bind interfaces only = No
	security = DOMAIN
	auth methods 	encrypt passwords = Yes
	update encrypted = No
	client schannel = Auto
	server schannel = Auto
	allow trusted domains = Yes
	hosts equiv 	min passwd length = 5
	map to guest = Never
	null passwords = No
	obey pam restrictions = No
	password server = *
	smb passwd file = /etc/samba/smbpasswd
	private dir = /etc/samba
	passdb backend = smbpasswd
	algorithmic rid base = 1000
	root directory 	guest account = nobody
	pam password change = No
	passwd program 	passwd chat = *new*password* %n\n *new*password* %n\n *changed*
	passwd chat debug = No
	passwd chat timeout = 2
	username map 	password level = 0
	username level = 0
	unix password sync = No
	restrict anonymous = 0
	lanman auth = Yes
	ntlm auth = Yes
	client NTLMv2 auth = No
	client lanman auth = Yes
	client plaintext auth = Yes
	preload modules 	log level = 0
	syslog = 1
	syslog only = No
	log file = /var/log/samba/log.%m
	max log size = 50
	timestamp logs = Yes
	debug hires timestamp = No
	debug pid = No
	debug uid = No
	smb ports = 445 139
	protocol = NT1
	large readwrite = Yes
	max protocol = NT1
	min protocol = CORE
	unicode = Yes
	read bmpx = No
	read raw = Yes
	write raw = Yes
	disable netbios = No
	acl compatibility 	nt pipe support = Yes
	nt status support = Yes
	announce version = 4.9
	announce as = NT
	max mux = 50
	max xmit = 16644
	name resolve order = lmhosts wins host bcast
	max ttl = 259200
	max wins ttl = 518400
	min wins ttl = 21600
	time server = No
	unix extensions = Yes
	use spnego = Yes
	client signing = Yes
	server signing = Yes
	client use spnego = Yes
	change notify timeout = 60
	deadtime = 0
	getwd cache = Yes
	keepalive = 300
	kernel change notify = Yes
	lpq cache time = 10
	max smbd processes = 0
	paranoid server security = Yes
	max disk size = 0
	max open files = 10000
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	use mmap = Yes
	hostname lookups = No
	name cache timeout = 660
	load printers = No
	printcap name = /etc/printcap
	disable spoolss = No
	enumports command 	addprinter command 	deleteprinter command 	show add printer
wizard = Yes
	os2 driver map 	mangling method = hash2
	mangle prefix = 1
	stat cache = Yes
	machine password timeout = 604800
	add user script 	delete user script 	add group script 	delete group script 	add
user to group script 	delete user from group script 	set primary group script 
add machine script 	shutdown script 	abort shutdown script 	logon script 	logon
path = \\%N\%U\profile
	logon drive 	logon home = \\%N\%U
	domain logons = No
	os level = 20
	lm announce = Auto
	lm interval = 60
	preferred master = Auto
	local master = Yes
	domain master = Auto
	browse list = Yes
	enhanced browsing = Yes
	dns proxy = No
	wins proxy = No
	wins server 	wins support = No
	wins hook 	wins partners 	kernel oplocks = Yes
	lock spin count = 3
	lock spin time = 10
	oplock break wait time = 0
	ldap suffix 	ldap machine suffix 	ldap user suffix 	ldap group suffix 	ldap
idmap suffix 	ldap filter = (uid=%u)
	ldap admin dn 	ldap ssl 	ldap passwd sync = no
	ldap delete dn = No
	ldap replication sleep = 1000
	add share command 	change share command 	delete share command 	config file 
preload 	lock directory = /var/lib/samba
	pid directory = /var/run
	utmp directory 	wtmp directory 	utmp = No
	default service 	message command 	dfree command 	get quota command 	set quota
command 	remote announce 	remote browse sync 	socket address = 0.0.0.0
	homedir map 	afs username map 	time offset = 0
	NIS homedir = No
	panic action 	host msdfs = No
	enable rid algorithm = Yes
	idmap backend 	idmap uid 	idmap gid 	template primary group = nobody
	template homedir = /home/%D/%U
	template shell = /bin/false
	winbind separator = \
	winbind cache time = 300
	winbind enable local accounts = Yes
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind use default domain = No
	winbind trusted domains only = No
	comment 	path 	username 	invalid users 	valid users 	admin users 	read list 
write list 	printer admin 	force user 	force group 	read only = Yes
	create mask = 0744
	force create mode = 00
	security mask = 0777
	force security mode = 00
	directory mask = 0755
	force directory mode = 00
	directory security mask = 0777
	force directory security mode = 00
	inherit permissions = No
	inherit acls = No
	guest only = No
	guest ok = No
	only user = No
	hosts allow = 192.168.16., 127.
	hosts deny 	nt acl support = Yes
	profile acls = No
	map acl inherit = No
	afs share = No
	block size = 1024
	max connections = 0
	min print space = 0
	strict allocate = No
	strict sync = No
	sync always = No
	use sendfile = No
	write cache size = 0
	max reported print jobs = 0
	max print jobs = 1000
	printable = No
	printing = bsd
	print command = lpr -r -P'%p' %s
	lpq command = lpq -P'%p'
	lprm command = lprm -P'%p' %j
	lppause command 	lpresume command 	queuepause command 	queueresume command 
printer name 	use client driver = No
	default devmode = No
	default case = lower
	case sensitive = No
	preserve case = Yes
	short preserve case = Yes
	mangle case = No
	mangling char = ~
	hide dot files = Yes
	hide special files = No
	hide unreadable = No
	hide unwriteable files = No
	delete veto files = No
	veto files 	hide files 	veto oplock files 	map system = No
	map hidden = No
	map archive = Yes
	mangled names = Yes
	mangled map 	browseable = Yes
	blocking locks = Yes
	csc policy = manual
	fake oplocks = No
	locking = Yes
	oplocks = Yes
	level2 oplocks = Yes
	oplock contention limit = 2
	posix locking = Yes
	strict locking = Yes
	share modes = Yes
	copy 	include 	exec 	preexec close = No
	postexec 	root preexec 	root preexec close = No
	root postexec 	available = Yes
	volume 	fstype = NTFS
	set directory = No
	wide links = Yes
	follow symlinks = Yes
	dont descend 	magic script 	magic output 	delete readonly = No
	dos filemode = No
	dos filetimes = No
	dos filetime resolution = No
	fake directory create times = No
	vfs objects 	msdfs root = No
	msdfs proxy 
[homes]
	comment = Home Directories
	read only = No
	browseable = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	browseable = No
-----------------------------------------

_________________________________________________________________
Limited-time offer: Fast, reliable MSN 9 Dial-up Internet access FREE for 2 
months! 
http://join.msn.com/?page=dept/dialup&pgmarket=en-us&ST=1/go/onm00200361ave/direct/01/

On Fri, Apr 09, 2004 at 05:25:50PM -0600, Jefferson Smith
wrote:
> I am trying to get samba working again, since my employer upgraded to a 
> Windows Server 2003.
> 
> I have installed samba-3.0.2a-1_rh9.i386.rpm to my Linux (RedHat 9) system.
> 
> I can connect to other machines in my domain, read/write files, etc. When I
> try smbmount on the Windows server, I get this error:
> 
> cli_negprot: SMB signing is mandatory and we have disabled it.
smbfs does not support SMB signing.  Read the archives for information
on this and other issues solved by moving to the 'CIFS VFS'.

Andrew Bartlett