Windows 7 – Connecting to Samba 3.5.2 Server in a Domain

active-directory, samba, windows 7

We're in a mixed Unix (AIX in this Samba case) and Windows domain environment.

Part of our goal this year is to upgrade from XP to Windows 7. While testing, we discovered that we couldn't connect to our Samba shares from Windows 7 like we could on Windows XP.

We're running Windows 7 Enterprise x64 and Samba 3.5.2.

We've disabled the firewall on the Windows 7 machine and created the appropriate keys from the Samba wiki entry on Windows 7.

smb.conf:

>cat smb.conf
[global]
        workgroup = DATABASE
        netbios name = MS
        server string = ms
        interfaces = 10.48.93.202/255.255.255.255 127.0.0.1/255.255.255.255
        encrypt passwords = Yes
        update encrypted = Yes
        pid directory = /opt/pware64/var/locks
        private dir = /opt/pware64/private
        smb passwd file = /opt/pware64/private/smbpasswd
        log level = 1
        log file = /opt/pware64/var/log/samba_log.%m
        max log size = 50
        max xmit = 65535
        name resolve order = host
        deadtime = 3600
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_SNDBUF=32768 SO_RCVBUF=32768
        os level = 255
        preferred master = Yes
        dns proxy = No
        #wins support = Yes
        wins support = No
        lock dir = /opt/pware64/var/locks
        hosts allow = all
        keepalive = 0
        syslog = 2
        winbind enum users = No
        winbind enum groups = No
        smb ports = 139

[homes]
        read only = No

[data]
        comment = Data
        path = /data
        valid users = testpc
        read only = No

[I]
        comment = I Drive
        path = /I
        valid users = dba
        read only = No

[Downloads]
        comment = Downloads
        path = /downloads
        valid users = dba
        read only = No

Connection log:

>$ ll *testpc
-rw-r--r--  1 root system 17K 18 Apr 2011 14:08 samba_log.testpc 

>$ tail -4 *testpc
[2011/04/18 14:08:35.408950,  1] smbd/service.c:1069(make_connection_snum)
  testpc (10.48.93.120) connect to service data initially as user testuser (uid=6011, gid=1) (pid 1032402)
[2011/04/18 14:08:35.409878,  1] smbd/service.c:1250(close_cnum)
  testpc (10.48.93.120) closed connection to service data

Connecting to the Samba server was attempted through mapping a network drive. It does prompt for the password, but it doesn't really proceed from there. The message that it displays is "The specified server can not perform the requested operation."

Any help would be greatly appreciated. Thanks.

Best Answer

Found out the problem thanks to a co-worker looking into it.

The problem is that within our environment, by default, Windows 7 required all SMB packets to be signed. Samba servers, however, do not. So there are two ways to fix this: turn off client signing in Win7, or add a flag to the global section of the smb.conf file, like this: 'server signing = auto' (we were using Samba 3.5.2).

For Windows 7, you can 'fix' this policy by making it more lenient -- going from requiring digital signatures to optionally using them if the server agrees.

Here's how you can use it:

The local Windows security policy changes are as follows:

1. From the Start menu, type GPEdit.msc.
2. Browse to Computer Configuration->Windows Settings->Security Settings->Local Policies->Security Options.
3. Look for "Microsoft network client: Digitally sign communications (always)" and change it to Disabled.

You may also need to do the same for "Microsoft network client: Digitally sign communications (if server agrees)". In theory this should be negotiated during the negotiate/challenge phase of NTLM but it may fail; NTLM doesn't explicitly demand any real negotiation.
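
Added example (not part of the original answer and not Samba's own code): a Python sketch that reads the effective 'server signing' value from the [global] section of an smb.conf and shows the SMB1 signing outcome for each Windows client policy, so the two fixes in the answer can be compared. Assumptions: the function names and the cut-down sample config are constructed, Samba 3.x is taken to default to 'server signing = disabled', and the outcome rule is the usual SMB1 one (a side that requires signing refuses a peer that does not offer it).

```python
import re

SERVER_MODES = {"disabled", "auto", "mandatory"}  # documented Samba 3.x values
SAMBA3_DEFAULT = "disabled"  # assumption: Samba 3.x default when the line is absent

def server_signing(conf_text):
    """Effective [global] 'server signing' value in smb.conf text."""
    section, value = None, SAMBA3_DEFAULT
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue                           # this sketch only reads [global]
        key, val = line.split("=", 1)
        # Parameter names are case- and whitespace-insensitive in smb.conf.
        if re.sub(r"\s+", "", key).lower() == "serversigning":
            value = val.strip().lower()        # a later line overrides an earlier one
    return value

def negotiate(client, server):
    """SMB1 outcome; client is 'required', 'if_server_agrees' or 'off'."""
    if server not in SERVER_MODES:
        return "unknown server value"
    client_on, server_on = client != "off", server != "disabled"
    if (client == "required" and not server_on) or (server == "mandatory" and not client_on):
        return "connection refused"
    return "signed" if client_on and server_on else "unsigned"

# Constructed sample: a cut-down version of the question's smb.conf.
BEFORE = """[global]
        workgroup = DATABASE
        #server signing = mandatory
        smb ports = 139
[data]
        server signing = auto
"""
AFTER = BEFORE.replace("smb ports = 139", "smb ports = 139\n        Server Signing = auto")

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        mode = server_signing(conf)
        for client in ("required", "if_server_agrees", "off"):
            print(f"{label:6} server={mode:9} client={client:16} -> {negotiate(client, mode)}")
```

With the server set to auto, a client that requires signing connects and the session stays signed. Relaxing the client policy against an unchanged server also connects, but the traffic is unsigned.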