cli_negprot: SMB signing is mandatory and we have disabled it. - Adventures in Switching to Linux

Monday, June 2, 2008

cli_negprot: SMB signing is mandatory and we have disabled it.

I am trying to mount a Windows share on a a 2003 server machine with an old Fedora Core 1 box. Mounting the same share using the same command on Ubuntu 8.04 worked (Samba 3.0.28a) but not on Fedora (Samba 3.0.7-2.FC1). The Fedora box also was able to mount a share on Windows XP without any problems. The error I kept getting was cli_negprot: SMB signing is mandatory and we have disabled it.

Looking around some I found that this is due to a security policy in Windows 2003 Server that forces the connections to be encrypted. To disable it, on the Win2k3 box go to Administrative Tools -> Domain Controller Security Policy. Then select Local Policies -> Security Options and find the policy Microsoft network server: Digitally sign communications (always). Disable that. (I also had to disable: Microsoft network server: Digitally sign communications (if client agrees) to keep from getting a Permission denied). You will then you will want to reload the policy with 'gpupdate'.


After that though, I got another error message: tree connect failed: ERRDOS - ERRnosuchshare (You specified an invalid share name) That message means that I am trying to mount a directory inside of the share (which I am, and which works on the newer versions of Samba). This fix for that is to just mount the share and change your path references (or upgrade).

Instead of:
mount -t smbfs -o username=USER,password=PASS //HOST/SHARE/DIR /mnt/DEST/

Use:
mount -t smbfs -o username=USER,password=PASS //HOST/SHARE /mnt/DEST/

and then change your usage to always change to the DIR.

4 comments:

George said...

Hey buddy! Good on you. Do you remember that I got my first linux disc from you back in highschool?

I've been running Ubuntu 100% on my laptop and my desktop. Started with Gutsy and have migrated to Hardy. I'm loving it and can't see myself ever switching back!

M.PASHA said...

Use cifs in the place of smbfs.

M.PASHA said...

Use cifs in the place of smbfs.

M.PASHA said...

Use cifs in the place of smbfs.