Michael Tokarev
2024-Apr-01 11:09 UTC
[Samba] Bad SMB2 (sign_algo_id=1) signature for message
01.04.2024 13:56, Jones Syue wrote:
>> I can't say for sure but I *think* each time the client is windows server 2012.
>
> Looks good :) If I run this script[1] to test multiple dialects, I find that only
> SMB3_00 and SMB3_02 have this "(sign_algo_id=1)", and per doc[2] it could
> happen with ws2012 and ws2012r2.

This *is* 2012 r2. The protocol version it negotiates is shown by smbstatus on samba server, it is SMB3_02. More modern workstations negotiate SMB3_11.

> Perhaps some kind of services, like antivirus scan LAN, or printer access,
> access attempts to samba server via guest or anonymous account trigger this
> log, not quite sure just a preliminary guess :)

There's no antivirus running on these machines. At least we tried to disable everything.

The access *is* anonymous, always, this is a read-only anonymous share with a big application used by multiple users. It has public=yes, map_to_guest=invalid_user.

I can't say when exactly this error is logged.

> Could 'Event Viewer' of windows server 2012 show a similar event about
> a bad/invalid signature too?

Somehow I forgot to look there. Let's see..

/mjt
Denis CARDON
2024-Apr-02 09:53 UTC
[Samba] Bad SMB2 (sign_algo_id=1) signature for message
Hi Michael,

On 01/04/2024 at 13:09, Michael Tokarev via samba wrote:
> 01.04.2024 13:56, Jones Syue wrote:
>>> I can't say for sure but I *think* each time the client is windows
>>> server 2012.
>>
>> Looks good :) If I run this script[1] to test multiple dialects, I find that
>> only SMB3_00 and SMB3_02 have this "(sign_algo_id=1)", and per doc[2] it could
>> happen with ws2012 and ws2012r2.
>
> This *is* 2012 r2. The protocol version it negotiates is shown by
> smbstatus on samba server, it is SMB3_02. More modern workstations
> negotiate SMB3_11.
>
>> Perhaps some kind of services, like antivirus scan LAN, or printer
>> access, access attempts to samba server via guest or anonymous account
>> trigger this log, not quite sure just a preliminary guess :)
>
> There's no antivirus running on these machines. At least we tried to
> disable everything.
>
> The access *is* anonymous, always, this is a read-only anonymous share
> with a big application used by multiple users. It has public=yes,
> map_to_guest=invalid_user.
>
> I can't say when exactly this error is logged.

SMBv2 signing requires a shared secret, and I guess that anonymous access doesn't provide that shared secret for signing / encryption.

From [1] "Guest logons don't support standard security features such as signing and encryption." on SMB2.

So I guess you should use an account with a password on the client machine to avoid this message.

Cheers,

Denis

[1] https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/guest-access-in-smb2-is-disabled-by-default

>> Could 'Event Viewer' of windows server 2012 show a similar event about
>> a bad/invalid signature too?
>
> Somehow I forgot to look there. Let's see..
>
> /mjt
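
The shared-secret dependency mentioned in the reply above, as an added example that is not part of the thread and not Samba's code: for the SMB3_00 and SMB3_02 dialects, MS-SMB2 derives the AES-128-CMAC signing key (sign_algo_id=1) from the 16-byte session key with an SP800-108 counter-mode KDF. The session-key bytes and the helper names below are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Label and context for the SMB 3.0 / 3.0.2 signing key (MS-SMB2 3.1.4.2).
# Both strings include their trailing NUL byte.
LABEL = b"SMB2AESCMAC\x00"
CONTEXT = b"SmbSign\x00"


def smb30_signing_key(session_key: bytes) -> bytes:
    """SP800-108 counter-mode KDF: HMAC-SHA256 PRF, one iteration, 128-bit output."""
    if len(session_key) != 16:
        raise ValueError("SMB session key must be 16 bytes")
    # i (32-bit BE counter = 1) || Label || 0x00 || Context || L (32-bit BE = 128)
    fixed_input = (
        struct.pack(">I", 1) + LABEL + b"\x00" + CONTEXT + struct.pack(">I", 128)
    )
    return hmac.new(session_key, fixed_input, hashlib.sha256).digest()[:16]


def signing_keys_agree(client_session_key: bytes, server_session_key: bytes) -> bool:
    """True only if both sides derive the same signing key.

    A signature made with one key cannot verify under a different key, so a
    disagreement here is the condition under which a receiver rejects the
    signature on a signed message.
    """
    return hmac.compare_digest(
        smb30_signing_key(client_session_key),
        smb30_signing_key(server_session_key),
    )


if __name__ == "__main__":
    # Constructed sample keys (not taken from any real session).
    authenticated = bytes(range(16))   # both sides hold the same session key
    other_side = bytes(16)             # the peer holds a different value
    print("same session key :", signing_keys_agree(authenticated, authenticated))
    print("different keys   :", signing_keys_agree(authenticated, other_side))
```
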