Monday, June 2, 2008

cli_negprot: SMB signing is mandatory and we have disabled it.

I am trying to mount a Windows share on a a 2003 server machine with an old Fedora Core 1 box. Mounting the same share using the same command on Ubuntu 8.04 worked (Samba 3.0.28a) but not on Fedora (Samba 3.0.7-2.FC1). The Fedora box also was able to mount a share on Windows XP without any problems. The error I kept getting was cli_negprot: SMB signing is mandatory and we have disabled it.

Looking around some I found that this is due to a security policy in Windows 2003 Server that forces the connections to be encrypted. To disable it, on the Win2k3 box go to Administrative Tools -> Domain Controller Security Policy. Then select Local Policies -> Security Options and find the policy Microsoft network server: Digitally sign communications (always). Disable that. (I also had to disable: Microsoft network server: Digitally sign communications (if client agrees) to keep from getting a Permission denied). You will then you will want to reload the policy with 'gpupdate'.


After that though, I got another error message: tree connect failed: ERRDOS - ERRnosuchshare (You specified an invalid share name) That message means that I am trying to mount a directory inside of the share (which I am, and which works on the newer versions of Samba). This fix for that is to just mount the share and change your path references (or upgrade).

Instead of:
mount -t smbfs -o username=USER,password=PASS //HOST/SHARE/DIR /mnt/DEST/

Use:
mount -t smbfs -o username=USER,password=PASS //HOST/SHARE /mnt/DEST/

and then change your usage to always change to the DIR.