Re: [Freedos-user] FreeDOS/Windows Networks - no interop (Win2003)
Gerry Hickman wrote: anyway. The other setting is something called SMB signing which is related to not being able to hijack open sessions with a packet sniffer. MSCLIENT does not support SMB signing. Go to the Default Domain Controllers Policy and turn off Microsoft network server: Digitally sign communications (always). Overview of Server Message Block signing http://support.microsoft.com/kb/887429/en-us How to enable Windows 98/ME/NT clients to logon to Windows 2003 based Domains http://support.microsoft.com/kb/555038/en-us I can't think of any solution to this; do we have any client software that supports Kerberos authentication or SMB signing?! You are right. We don't have such a beast. Robert Riebisch -- BTTR Software http://www.bttr-software.de/ --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628alloc_id=16845op=click ___ Freedos-user mailing list Freedos-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-user
Re: [Freedos-user] FreeDOS/Windows Networks - no interop (Win2003)
Hi Robert, MSCLIENT does not support SMB signing. Go to the Default Domain Controllers Policy and turn off Microsoft network server: Digitally sign communications (always). But as I said in my original post, the Domain Controller admins and IT policy makers are NOT going to agree to have the security policy downgraded on their networks, and this will be the same for all networks from this point on, for years to come. We have to accept that all communication will be using SMB signing; anyone who doesn't use it will be seen as weak on security. How to enable Windows 98/ME/NT clients to logon to Windows 2003 based Domains http://support.microsoft.com/kb/555038/en-us But that article just repeats what I already said. If you look at the DOS section, it just says turn off SMB signing. Win98 and NT are completely different because they both support client implementation for SMB signing but DOS does not support it. -- Gerry Hickman (London UK) --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628alloc_id=16845op=click ___ Freedos-user mailing list Freedos-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-user
[Freedos-user] FreeDOS/Windows Networks - no interop (Win2003)
Hi, I've been running FreeDOS with MSCLIENT 3.0 for some time connecting to Windows networks and being able to access files, install o/s etc. Suddenly this week it does not work anymore:( It appears the problem is related to our Domain Controllers being upgraded to Windows Server 2003. As I understand it, Windows 2000 supported LM Authentication, and this was enabled by default on DCs, but now with 2003, LM Authentication has been disabled by default and I can't see many DC Admins allowing the security settings to be downgraded. The general consensus is that LM auth is very insecure anyway. The other setting is something called SMB signing which is related to not being able to hijack open sessions with a packet sniffer. MSCLIENT does not support SMB signing. So what about the future? I'm sure we all want to be able to interact with networks, and everyone on Windows is upgrading. I can't think of any solution to this; do we have any client software that supports Kerberos authentication or SMB signing?! -- Gerry Hickman (London UK) --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628alloc_id=16845op=click ___ Freedos-user mailing list Freedos-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-user
