> We're running Fedora Core and Samba-3.0.8-0.pre1.3 and we're authenticating > our Windows XP users against Active Directory running on Windows 2003. > Everything works fine! > > But now we're trying to secure and harden our WinXP machines and now when > any user logged into a secured WinXP they get the errormessage "The account > is not authorized to log in from this station". I browsed the net and most > solutions tell me to change the smb.conf to: > encrypt passwords = yes > > However, this didn't work (later, it turned out it worked without this > setting anyway). But since it did work before securing the WinXP I started > looking into the policysettings of the client. I found that the following > GPO-setting was the reason why it stopped working: > Microsoft network client: Digitally sign communications (always) > If we set this to Disabled it works again. > > This security option setting determines whether packet signing is required > by the SMB client component. Enabling this setting prevents the Microsoft > network client from communicating with a server unless that server agrees to > perform SMB packet signing. You risk gettings your sessions hijcaked > otherwise. > > Doesn't Samba support this? Try spnego = yes Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
