I have an interesting situation. I'm not sure if Samba doesn't support this, or if I have something set up wrong.

All Linux/BSD machines: Samba 3.0.10

Windows XP cannot connect to a Samba Server when the Samba server is a member of a Samba Domain, and authentication is restricted to NTLMv2

_IF_

The Windows XP machine has the following Security Policy turned on:

Network security: Minimum session security for NTLM SSP based (including secure RPC) clients/servers
    Require NTLMv2 session security

I would have laid this to rest, _EXCEPT_ that this setting does not harm the connections to the PDC running Samba as well. The Windows XP can login to the domain, and browse shares on the Samba PDC, but it cannot connect to Samba Member servers authenticating through the PDC via security = server AND password server = *.

When I turn off this Windows XP setting, everything works fine.

This option does not exist in <= Windows 2000, therefore Windows 2000/NT is not affected.

PDC and MEMBER have the following vital information in smb.conf

    ...
    # require NTLMv2
    encrypt passwords = yes
    ntlm auth = no
    lanman auth = no
    client lanman auth = no
    client ntlmv2 auth = yes
    client plaintext auth = no
    ...

MEMBER is set to

    security = server
    password server = *

--
Aaron Zirbes
Systems Administrator
Environmental Health Sciences
University of Minnesota

On Fri, 2005-01-28 at 14:25 -0600, Aaron J. Zirbes wrote:
> I have an interesting situation. I'm not sure if Samba doesn't support
> this, or if I have something set up wrong.
>
> All Linux/BSD machines: Samba 3.0.10

> I would have laid this to rest, _EXCEPT_ that this setting does not harm
> the connections to the PDC running Samba as well. The Windows XP can
> login to the domain, and browse shares on the Samba PDC, but it cannot
> connect to Samba Member servers authenticating through the PDC via
> security = server AND password server = *.

Yes, security=server is a bad, bad thing. Use security=domain, and some things will be better.

Andrew Bartlett

--
Andrew Bartlett                          http://samba.org/~abartlet/
Authentication Developer, Samba Team     http://samba.org
Student Network Administrator, Hawker College     http://hawkerc.net
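
An added example, not part of either message and not Samba project code: a small Python check that reads an smb.conf and flags the combination discussed in this thread (security = server on a server that has NTLM and LANMAN explicitly turned off). The sample configuration is constructed from the settings quoted above, placed under an assumed [global] section; the finding codes and function names are hypothetical.

```python
import configparser

# Constructed sample: the MEMBER settings quoted in the thread, under [global].
MEMBER_CONF = """\
[global]
# require NTLMv2
encrypt passwords = yes
ntlm auth = no
lanman auth = no
client lanman auth = no
client ntlmv2 auth = yes
client plaintext auth = no
security = server
password server = *
"""
# The change suggested in the reply (the member must also be joined to the domain).
FIXED_CONF = MEMBER_CONF.replace("security = server", "security = domain")


def load_global(text):
    """Return [global] parameters keyed by name with case and whitespace removed."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    params = {}
    for section in cp.sections():
        if section.strip().lower() == "global":
            for key, value in cp[section].items():
                params["".join(key.split()).lower()] = value.strip().lower()
    return params


def disabled(params, name):
    """True only when the parameter is explicitly switched off."""
    return params.get(name) in ("no", "false", "0")


def audit(text):
    """Return finding codes (hypothetical names) for one smb.conf text."""
    g = load_global(text)
    findings = []
    if g.get("security") == "server":
        findings.append("security-server")
        # The combination reported in the thread: pass-through auth on a
        # server that refuses everything weaker than NTLMv2.
        if disabled(g, "ntlmauth") and disabled(g, "lanmanauth"):
            findings.append("ntlmv2-only-with-security-server")
    return findings


if __name__ == "__main__":
    for label, conf in (("member", MEMBER_CONF), ("fixed", FIXED_CONF)):
        print(label, audit(conf) or "ok")
```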