Getting Samba secure in Windows
The setting of server-side SMB Signing, LDAP Service Signing and Kerberos/NTLMv2 Only authentication improves overall Windows security, but Samba does not support this mode of operations. Any thoughts on how to get Linux to act as a good Net citizen in a secured Windows environment?
I suspect that your question was valid with earlier versions of Samba, but is no longer. I think that all the features you specify are now supported in Samba 3.0.9, which was released on Nov. 15, 2004 (Release Notes
). I am aware, as you obviously are, that there is a danger of SMB spoofing, which is the reason that someone would want to look at the SMB Signing., LDAP Service Signing and Kerberos/NTLMv2; many users were asking for these enhancements for the latest versions of SAMBA. Also if all of your Windows clients are Windows 2000 or later than you probably don't need NTLMv2, just Kerberos.
I think the following resources may be valuable to you in order to configure these features in comparison to previous versions.
This was first published in December 2004