thr3ads.net - samba - [Samba] Signing problem with trusted domain in 3.2.0 [Aug 2008]

If this information is useful, please help other people find it:
Share via:

devel@thom.fr.eu.org

2008-Aug-18 12:13 UTC

[Samba] Signing problem with trusted domain in 3.2.0

Hello

I seem to be having signing problems with 3.2.0

I have 2 PDCs on 2 different sites (say A and B) both running 3.2.0, with
the line server signing = auto in smb.conf. There is a one way trust (B
trusting A) setup.

While everything works correctly on both sites for local machines access
to local shares (a site A user logged on a site A machine can perfectly
access shares of site A PDC). The problem appears when one user logged on
site A tries to access share on site B PDC, or a user of site A tries to
log on site A domain from a site B machine. This problem disappears if
server signing is set to No in smb.conf. I could make a level 10 log of
smbd process while the problem appears, and could isolate the following
lines :

[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 2
[2008/08/15 12:24:29,  0]
libsmb/smb_signing.c:srv_check_incoming_message(754)
  srv_check_incoming_message: BAD SIG: seq 2 wanted SMB signature of
[2008/08/15 12:24:29,  5] lib/util.c:dump_data(2226)
  [000] 52 70 FA 2C 55 E1 28 A4                           Rp.,U.(.
[2008/08/15 12:24:29,  0]
libsmb/smb_signing.c:srv_check_incoming_message(758)
  srv_check_incoming_message: BAD SIG: seq 2 got SMB signature of
[2008/08/15 12:24:29,  5] lib/util.c:dump_data(2226)
  [000] 8E 53 67 0F 36 6B FC DB                           .Sg.6k..

and then smbd seems to turn off signing :

[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 4294967293
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 4294967294
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 4294967295
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 0
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 1
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 2
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 3
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 4
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 5
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 6
[2008/08/15 12:24:29,  5] libsmb/smb_signing.c:signing_good(243)
  srv_check_incoming_message: signing negotiated but not required and peer
  isn't sending correct signatures. Turning off.

And at some point, the connexion is terminated (and windows pops up some
error message saying the server is no more available):

[2008/08/15 12:24:29, 10] lib/util.c:dump_data(2226)
  [000] 49 50 43 00 00 00 00                              IPC....
[2008/08/15 12:24:29,  5] lib/util_sock.c:read_socket_with_timeout(928)
  read_socket_with_timeout: blocking read. EOF from client.
[2008/08/15 12:24:29, 10] smbd/process.c:receive_smb_raw_talloc(276)
  receive_smb_raw: NT_STATUS_END_OF_FILE
[2008/08/15 12:24:29,  3] smbd/process.c:smbd_process(2027)
  receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
[2008/08/15 12:24:29,  5] lib/gencache.c:gencache_shutdown(93)
  Closing cache file

The complete log is available at http://www.thom.fr.eu.org/log.smbd

Anybody gone through similar problem ?

Thanks

Fran?ois

--

Volker Lendecke

2008-Aug-18 12:25 UTC

head link

[Samba] Signing problem with trusted domain in 3.2.0

On Mon, Aug 18, 2008 at 02:13:16PM +0200, devel@thom.fr.eu.org
wrote:> I seem to be having signing problems with 3.2.0
Should be fixed in 3.2.1.

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20080818/087173e0/attachment.bin

Possibly Parallel Threads

Search for more possibly parallel threads

samba - Aug 2008 - Signing problem with trusted domain in 3.2.0

[Samba] Signing problem with trusted domain in 3.2.0

[Samba] Signing problem with trusted domain in 3.2.0

Possibly Parallel Threads