Reardon, Timothy CONTRACTOR @ ERD-NH
2016-Mar-31 15:09 UTC
[Samba] samba 3.6 client signing
Hi We have 2 servers running samba 1 is linux 7 /samba 4.2.3 1 is linux 6 /samba 3.6.23-25.0.1 Both are joined to a Windows Domain Both use ADS for security (we use CAC on the client) Recently users of the samba 3.6 shares have been having trouble connecting The issue seems to be theclient registry setting : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters\EnableSecuritySignature Users cant connect to the 3.6 shares with it enabled They can connect to the 4.2.3 shares We have tried server side smb.conf settings but no luck They can only connect when the client registry key is disabled (and this violates a STIG) Anyone seen this? Thoughts? Thx tim Tim Reardon - GCED/GCFA/GCIH/GISP/GSEC RS/GIS CX Systems Administrator ERDC-CRREL Hanover,NH 03755 603-646-4332 Timothy.P.Reardon at usace.army.mil
On 31/03/16 16:09, Reardon, Timothy CONTRACTOR @ ERD-NH wrote:> Hi > We have 2 servers running samba > 1 is linux 7 /samba 4.2.3 > 1 is linux 6 /samba 3.6.23-25.0.1 > > Both are joined to a Windows Domain > Both use ADS for security (we use CAC on the client) > > Recently users of the samba 3.6 shares have been having trouble connecting > > The issue seems to be theclient registry setting : > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters\EnableSecuritySignature > > Users cant connect to the 3.6 shares with it enabled > They can connect to the 4.2.3 shares > > We have tried server side smb.conf settings but no luck > They can only connect when the client registry key is disabled > (and this violates a STIG) > > Anyone seen this? > > Thoughts? > Thx > tim > > Tim Reardon - GCED/GCFA/GCIH/GISP/GSEC > RS/GIS CX Systems Administrator > ERDC-CRREL > Hanover,NH 03755 > 603-646-4332 > Timothy.P.Reardon at usace.army.mil > > > >I take it that when you say 'Linux 7' & 'Linux 6' , there is either the letters R H E or the word Centos in front of the word 'Linux' :-) Is there anyway you can upgrade the 'Linux 6' machines to 'Linux 7' ? This will get you away from the EOL Samba 3.6, for as far as I am aware, only supported Samba versions will get any further updates. Rowland linux 6