thr3ads.net - samba - [Samba] SMB Signature verification failed on incoming packet! [Mar 2005]

If this information is useful, please help other people find it:
Share via:

David Nalley

2005-Mar-01 01:51 UTC

[Samba] SMB Signature verification failed on incoming packet!

I am running Samba 3.0.9/KRB5 1.4 on Centos 3.4 on x86 with security = ADS in a
Win2k3 domain. I have successfully used kinit to authenticate, joined the
domain, and wbinfo -g/-u/-t return the expected results. However, when I try and
access the samba shares from a Win2k3 box, it fails telling me I don't have
permissions to access the share. Needless to say I am thoroughly perplexed. I
have seen several posts regarding this situation, but no clear direction on
solving it. After two days of googling, the list archives, and #samba, I beg the
list to put me out of my misery. Below are log and conf files from the
appropriate sources. TIA!!!

I find the following in my smbd.log:

[2005/02/28 20:40:07, 0] lib/util_sock.c:get_peer_addr(1000)
  getpeername failed. Error was Transport endpoint is not connected
[2005/02/28 20:40:07, 0] lib/util_sock.c:get_peer_addr(1000)
  getpeername failed. Error was Transport endpoint is not connected
[2005/02/28 20:40:07, 0] lib/util_sock.c:write_socket_data(430)
  write_socket_data: write failure. Error = Connection reset by peer
[2005/02/28 20:40:07, 0] lib/util_sock.c:write_socket(455)
  write_socket: Error writing 4 bytes to socket 22: ERRNO = Connection reset by
peer
[2005/02/28 20:40:07, 0] lib/util_sock.c:send_smb(647)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
[2005/02/28 20:40:07, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
  Username TRW+wopr$ is invalid on this system
[2005/02/28 20:40:07, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
  Username TRW+wopr$ is invalid on this system

#######I also have the following in my winbindd.log:

[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'JNALLEY' does not exist
[2005/02/28 20:40:07, 0] libsmb/smb_signing.c:signing_good(240)
  signing_good: BAD SIG: seq 1
[2005/02/28 20:40:07, 0] libsmb/clientgen.c:cli_receive_smb(121)
  SMB Signature verification failed on incoming packet!
[2005/02/28 20:40:07, 0] libsmb/smb_signing.c:signing_good(240)
  signing_good: BAD SIG: seq 1
[2005/02/28 20:40:07, 0] libsmb/clientgen.c:cli_receive_smb(121)
  SMB Signature verification failed on incoming packet!
[2005/02/28 20:40:07, 0] libsmb/smb_signing.c:signing_good(240)
  signing_good: BAD SIG: seq 1
[2005/02/28 20:40:07, 0] libsmb/clientgen.c:cli_receive_smb(121)
  SMB Signature verification failed on incoming packet!
[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'jnalley' does not exist
[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'jnalley' does not exist
[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'JNALLEY' does not exist
[2005/02/28 20:40:07, 0] libsmb/smb_signing.c:signing_good(240)
  signing_good: BAD SIG: seq 1
[2005/02/28 20:40:07, 0] libsmb/clientgen.c:cli_receive_smb(121)
  SMB Signature verification failed on incoming packet!
[2005/02/28 20:40:07, 0] libsmb/smb_signing.c:signing_good(240)
  signing_good: BAD SIG: seq 1
[2005/02/28 20:40:07, 0] libsmb/clientgen.c:cli_receive_smb(121)
  SMB Signature verification failed on incoming packet!
[2005/02/28 20:40:07, 0] libsmb/smb_signing.c:signing_good(240)
  signing_good: BAD SIG: seq 1
[2005/02/28 20:40:07, 0] libsmb/clientgen.c:cli_receive_smb(121)
  SMB Signature verification failed on incoming packet!
[2005/02/28 20:40:07, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
  group Domain Users in domain TRW does not exist
[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'wopr$' does not exist
[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'wopr$' does not exist
[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'WOPR$' does not exist
[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'wopr$' does not exist
[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'WOPR$' does not exist
[2005/02/28 20:40:09, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
  group Domain Users in domain TRW does not exist
[2005/02/28 20:40:13, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
  group Domain Users in domain TRW does not exist



################ smb.conf  #########################

[global]
        workgroup = TRW
        netbios name = JOSHUA
#winbind defs
        #this is the separatr for domain/username
        winbind separator = +
        #idmap uid and idmap gid are aliases for winbind uid and gid
        idmap gid = 10000-20000
        idmap uid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = yes

#AD STuff
        security = ads
        encrypt passwords = yes
        realm = grnvl.trw.com
        password server = wopr.grnvl.trw.com
        domain master = no
        client use spnego = yes
[bubba]
        comment = bubba application data
        path = /data/bubba
        read only = no
        browseable = yes
        valid users = @"Domain Users"

##################### krb5.conf ####################

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = GRNVL.TRW.COM
 default_tkt_enctypes = des-cbc-md5 des-cbc-crc
 default_tgs_enctypes = des-cbc-md5 des-cbc-crc
 dns_lookup_realm = yes
 dns_lookup_kdc = yes

[realms]
 GRNVL.TRW.COM = {
  kdc = WOPR.GRNVL.TRW.COM
 admin_server = WOPR.GRNVL.TRW.COM
  default_domain = GRNVL.TRW.COM
password_server = WOPR.GRNVL.TRW.COM
 }

[domain_realm]
 .grnvl.trw.com = GRNVL.TRW.COM
 grnvl.trw.com = GRNVL.TRW.COM

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

-- 
This message has been scanned for viruses, spam and
dangerous content by MailScanner, utilizing ClamAV 
and SpamAssassin on RedHat Linux (Valhalla) and is
believed to be clean.

Andrew Bartlett

2005-Mar-01 07:04 UTC

head link

[Samba] SMB Signature verification failed on incoming packet!

On Mon, 2005-02-28 at 20:51 -0500, David Nalley wrote:> I am running Samba 3.0.9/KRB5 1.4 on Centos 3.4
Try with 3.0.11.  I think there was a post 3.0.9 fix for kerberos smb
signing.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20050301/ff9fce55/attachment.bin

Possibly Parallel Threads

Search for more maybe matching threads

samba - Mar 2005 - SMB Signature verification failed on incoming packet!

[Samba] SMB Signature verification failed on incoming packet!

[Samba] SMB Signature verification failed on incoming packet!

Possibly Parallel Threads