Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] new Win7 security setting broke Samba
28 views
Skip to first unread message
![Snyder, Gabrielle S. (LARC-D322)[HP ES]'s profile photo](https://lh3.googleusercontent.com/a/default-user=s40-c)
Snyder, Gabrielle S. (LARC-D322)[HP ES]
Oct 24, 2012, 10:20:01 AM10/24/12
to
Good day all!
I administer two Samba servers (RHEL 4.5) which, up to recently, had been working well. Our security officials changed the LAN Manager group policy for the new Win7 systems from 'Send NTLMv2 response only; Refuse LM' to 'Send NTLMv2 response only; Refuse LM & NTLM'. We were running samba 3.0.33. I have upgraded to 3.6.8-44. I have tried a variety of different smb.conf file options to get the new version to work with the mandated security policy. We only use Samba to map Linux shares onto Win7 clients. The Win7 clients are part of a domain but the Linux servers are not.
Any help with how to setup Samba to work in this environment would be greatly appreciated.
Thank you!
Gabrielle
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I administer two Samba servers (RHEL 4.5) which, up to recently, had been working well. Our security officials changed the LAN Manager group policy for the new Win7 systems from 'Send NTLMv2 response only; Refuse LM' to 'Send NTLMv2 response only; Refuse LM & NTLM'. We were running samba 3.0.33. I have upgraded to 3.6.8-44. I have tried a variety of different smb.conf file options to get the new version to work with the mandated security policy. We only use Samba to map Linux shares onto Win7 clients. The Win7 clients are part of a domain but the Linux servers are not.
Any help with how to setup Samba to work in this environment would be greatly appreciated.
Thank you!
Gabrielle
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Andrew Bartlett
Oct 25, 2012, 6:50:02 AM10/25/12
to
On Wed, 2012-10-24 at 08:48 -0500, Snyder, Gabrielle S. (LARC-D322)[HP
Samba has, since 3.0, accepted NTLMv2 passwords, so something else is
going wrong here. Perhaps they also set a smb signing policy, and you
didn't enable smb signing, or you are running 'security=server', which
is incompatible with NTLMv2?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
ES] wrote:
> Good day all!
> I administer two Samba servers (RHEL 4.5) which, up to recently, had
> been working well. Our security officials changed the LAN Manager
> group policy for the new Win7 systems from 'Send NTLMv2 response only;
> Refuse LM' to 'Send NTLMv2 response only; Refuse LM & NTLM'. We
> were running samba 3.0.33. I have upgraded to 3.6.8-44. I have tried
> a variety of different smb.conf file options to get the new version to
> work with the mandated security policy. We only use Samba to map
> Linux shares onto Win7 clients. The Win7 clients are part of a domain
> but the Linux servers are not.
>
> Any help with how to setup Samba to work in this environment would be
> greatly appreciated.
Can you send in your smb.conf?
> Good day all!
> I administer two Samba servers (RHEL 4.5) which, up to recently, had
> been working well. Our security officials changed the LAN Manager
> group policy for the new Win7 systems from 'Send NTLMv2 response only;
> Refuse LM' to 'Send NTLMv2 response only; Refuse LM & NTLM'. We
> were running samba 3.0.33. I have upgraded to 3.6.8-44. I have tried
> a variety of different smb.conf file options to get the new version to
> work with the mandated security policy. We only use Samba to map
> Linux shares onto Win7 clients. The Win7 clients are part of a domain
> but the Linux servers are not.
>
> Any help with how to setup Samba to work in this environment would be
> greatly appreciated.
Samba has, since 3.0, accepted NTLMv2 passwords, so something else is
going wrong here. Perhaps they also set a smb signing policy, and you
didn't enable smb signing, or you are running 'security=server', which
is incompatible with NTLMv2?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Snyder, Gabrielle S. (LARC-D322)[HP ES]
Oct 25, 2012, 9:10:03 AM10/25/12
to
It must have been the smb signing. I hadn't looked at that because I wasn't aware that policy had changed in our environment. I added 'client signing = required' and 'server signing = required' to my smb.conf and was able to map a drive from the server to my Win7 PC.
Thank you!!!
Thank you!!!
0 new messages