Web lists-archives.com

Re: [Samba] Not working with Windows clients where "Digitally sign communications (always)" is enabled

On Mon, 29 Oct 2018 22:43:54 +0800
Jyunhao Shih via samba <samba@xxxxxxxxxxxxxxx> wrote:

> My Windows machine is not in any domain.
> And the exactly same configuration (map to guest = bad user, guest ok
> = no) works fine when the aforementioned Windows policy setting is not
> enabled. In that case Samba at first doesn't know who my user is,
> either. It lets Windows pop up a username/password dialog to ask me
> for another user credential. Only after I input correct one Windows
> successfully accesses the Samba share.
> In contrast, with "Digitally sign communications (always)" enabled, I
> have no chance to provide another user credential. Windows just shows
> the error message.
> Log files show that both cases first walked through the same process,
> getting user "user2" (that's the account name of my Windows user) and
> tried to use guest account. They began to do different things starting
> from line 223. And in the successful case at line 278 it got what I
> have input, my Ubuntu username "u634410".
> If I haven't got it wrong, supposing the failure is caused by map to
> guest = bad user and guest ok = no, it neither would have worked when
> the Windows policy setting is not enabled, right?

If you are not going to allow guest access, you might as well remove
the 'map to guest' line.

Try adding 'server signing = mandatory' in the [global] section of the
smb.conf file and restart Samba.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba