Le mercredi 07 septembre 2011 à 13:33 -0500, Dale Schroeder a écrit : > On 09/07/2011 4:45 AM, David Touzeau wrote: > > Dear > > > > Have connected SAMBA to an Active Directory server > > The getent did not show any user and winbindd claim : > > > > [2011/09/07 11:33:29.417355, 1] > > libsmb/cliconnect.c:1769(cli_negprot_done) > > cli_negprot: SMB signing is mandatory and the server doesn't support > > it. > > [2011/09/07 11:33:29.417444, 1] > > winbindd/winbindd_cm.c:856(cm_prepare_connection) > > cli_negprot failed: NT_STATUS_ACCESS_DENIED > > [2011/09/07 11:33:29.696520, 1] > > libsmb/cliconnect.c:1769(cli_negprot_done) > > cli_negprot: SMB signing is mandatory and the server doesn't support > > it. > > [2011/09/07 11:33:29.696599, 1] > > winbindd/winbindd_cm.c:856(cm_prepare_connection) > > cli_negprot failed: NT_STATUS_ACCESS_DENIED > > [2011/09/07 11:33:30.068625, 1] > > libsmb/cliconnect.c:1769(cli_negprot_done) > > cli_negprot: SMB signing is mandatory and the server doesn't support > > it. > > [2011/09/07 11:33:30.068706, 1] > > winbindd/winbindd_cm.c:856(cm_prepare_connection) > > cli_negprot failed: NT_STATUS_ACCESS_DENIED > > > > How can i fix this issue ? > > If I'm reading this error message correctly, you either need to turn > on server signing on the AD machine, or turn off server signing on the > Samba machine. > server signing = Disabled > > Dale > > > > here it is the smb.conf > > > > [global] > > workgroup = USGPEOPLEFR > > netbios name = onesys-samba > > server string = %h server > > disable netbios =no > > strict allocate = No > > strict locking = Auto > > sync always = No > > getwd cache = Yes > > max protocol = NT1 > > name resolve order =host lmhosts wins bcast > > dns proxy = No > > wins support = Yes > > min protocol = NT1 > > remote announce = 10.7.61.255/USGPEOPLEFR > > > > syslog = 3 > > log level = 1 > > log file = /var/log/samba/log.%m > > debug timestamp = yes > > follow symlinks = yes > > wide links = yes > > unix extensions = no > > > > usershare allow guests = no > > usershare max shares = 100 > > usershare owner only = true > > usershare path=/var/lib/samba/usershares/data > > guest account = nobody > > map to guest = Bad Password > > template homedir = /home/%U > > template shell = /bin/false > > enable privileges = yes > > os level = 40 > > ldap passwd sync = no > > > > > > security = ADS > > realm = USGPEOPLEFR.INT > > idmap config USGPEOPLEFR:backend = rid > > idmap config USGPEOPLEFR:read only= yes > > idmap config USGPEOPLEFR:range = 100000 - 199999 > > idmap config USGPEOPLEFR:base_rid = 0 > > idmap gid = 70000 - 99999 > > idmap uid = 70000 - 99999 > > encrypt passwords = Yes > > client ntlmv2 auth = Yes > > client lanman auth = No > > winbind normalize names = Yes > > winbind separator = / > > winbind use default domain = No > > winbind enum users = Yes > > winbind enum groups = Yes > > winbind nested groups = Yes > > winbind nss info = rfc2307 > > winbind offline logon = true > > winbind cache time = 5 > > winbind refresh tickets = true > > kerberos method = system keytab > > allow trusted domains = Yes > > server signing = mandatory > > client signing = mandatory > > lm announce = No > > ntlm auth = No > > lanman auth = No > > preferred master = No > > printing = bsd > > nt acl support=yes > > map acl inherit=yes > > acl check permissions=yes > > inherit permissions=no > > inherit acls=yes > > acl map full control=yes > > dos filemode=yes > > force unknown acl user = no > > > > > > # LDAP settings ----------------------------------- > > ldap delete dn = no > > passdb backend = ldapsam:ldap://127.0.0.1:389 > > ldap admin dn = cn=admin,dc=usgpeoplefr,dc=int > > ldap suffix = dc=usgpeoplefr,dc=int > > ldap group suffix = dc=organizations > > ldap user suffix = dc=organizations > > ldap machine suffix = ou=Computer,dc=samba,dc=organizations > > ldap delete dn = yes > > ldap ssl = off > > ldap idmap suffix = > > ou=idmap,dc=samba,dc=organizations,dc=usgpeoplefr,dc=int > > > > logon path ="" > > logon home ="" > > logon drive = "" > > socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT > > SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 > > case sensitive = No > > default case = lower > > preserve case = yes > > short preserve case = yes > > wins support = Yes > > time server = yes > > msdfs root = no > > host msdfs = no > > Thanks
I set it to "server signing = auto" and it's working like charm !! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
