samba - Jun 2013 - Digitially Signed Communications

Dear All,

The below are snippets of the policies that are causing connection issues for me
from Windows 7 workstations, connected to a Domain, to Samba Shares :

Microsoft network client: Digitally sign communications (always)    Enabled
Microsoft network client: Digitally sign communications (if server agrees)   
Enabled

Microsoft network server: Digitally sign communications (always)    Disabled
Microsoft network server: Digitally sign communications (if client agrees)   
Enabled

Now the above cannot be altered due to security audit requirements.
>From trouble shooting it seems the following may also be relevant, but as
before more than likely cannot be changed :
Network security: LAN Manager authentication level    Send NTLMv2 response only

Network security: Minimum session security for NTLM SSP based (including secure
RPC) clients    Require NTLMv2 session security,Require 128-bit encryption
Network security: Minimum session security for NTLM SSP based (including secure
RPC) servers    Require NTLMv2 session security,Require 128-bit encryption

The Samba configuration is as follows :

[global]
        netbios name = SRV002769
        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
        idmap uid = 10000-50000
        winbind enum users = yes
        winbind gid = 10000-50000
        workgroup = MUD
        os level = 20
        winbind enum groups = yes
        socket address = 10.12.18.160
        password server = *
        preferred master = no
        winbind separator = +
        max log size = 50
        log file = /var/log/samba/log.%m
        dns proxy = no
        realm = MUD.INTERNAL.CO.ZA
        security = ADS
        wins server = 10.11.1.13
        wins proxy = no
        client use spnego = yes
        client ntlmv2 auth = yes
        encrypt passwords = yes
        server signing = yes
        client signing = yes

Error messages when trying to connect :

[2013/06/25 11:40:41, 0] lib/util_sock.c:read_data(540)
  read_data: read failure for 4 bytes to client 172.27.30.20. Error = Connection
reset by peer

The Samba servers have been added to the Domain via "net ads join" and
here is some version info :

Red Hat Enterprise Linux Server release 5.9 (Tikanga)

samba-3.0.33-3.39.el5_8
samba-common-3.0.33-3.39.el5_8

Anybody encountered a resolution to this issue ?

Regards


Disclaimer

The information contained in this communication from the sender is confidential.
It is intended solely for use by the recipient and others authorized to receive
it. If you are not the recipient, you are hereby notified that any disclosure,
copying, distribution or taking action in relation of the contents of this
information is strictly prohibited and may be unlawful.

This email has been scanned for viruses and malware, and automatically archived
by Mimecast SA (Pty) Ltd, an innovator in Software as a Service (SaaS) for
business.  Mimecast Unified Email Management (UEM) offers email continuity,
security, archiving and compliance with all current legislation.  To find out
more, visit mimecast.co.za/uem.

On Tue, Jun 25, 2013 at 10:05:20AM +0000, Shaun Glass - Business Connexion
wrote:
> samba-3.0.33-3.39.el5_8
> samba-common-3.0.33-3.39.el5_8
Please make that a RedHat support case. 3.0.33 is out of
official Samba support since 2009.

With best regards,

Volker Lendecke

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 G?ttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG G?ttingen, HRB 2816, GF: Dr. Johannes Loxen
sernet.de, mailto:kontakt at sernet.de