Adam Tauno Williams
2012-Dec-17 14:35 UTC
[Samba] S4 AD Domain Up; but lots of NTLMSSP NTLM2 errors
samba-4.0.0 x86_64, CentOS6.3 My Samba4 / AD is up and running after migrating this weekend. Testing looked good and the domain *is working* but there are some issues. My log.samba file is full of the following; I'm not certain of the significance of these. [2012/12/17 05:59:09, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 06:35:30, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 06:55:58, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 06:59:10, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 07:44:14, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 07:58:31, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 08:10:11, 0] ../source4/rpc_server/drsuapi/writespn.c:237(dcesrv_drsuapi_DsWriteAccountSpn) Failed to modify SPNs on CN=pc02541,OU=Industries Workstations,DC=micore,DC=us: error in module acl: Constraint violation (19) [2012/12/17 08:26:00, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 08:37:30, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 08:41:42, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid signature! [2012/12/17 09:15:32, 0] ../source4/rpc_server/drsuapi/writespn.c:237(dcesrv_drsuapi_DsWriteAccountSpn) Failed to modify SPNs on CN=pc02541,OU=Industries Workstations,DC=micore,DC=us: error in module acl: Constraint violation (19) [2012/12/17 09:24:47, 0] ../source4/rpc_server/drsuapi/writespn.c:237(dcesrv_drsuapi_DsWriteAccountSpn) Failed to modify SPNs on CN=chrisxpprovm,OU=Industries Workstations,DC=micore,DC=us: error in module acl: Constraint violation (19) .... -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA
Andrew Bartlett
2012-Dec-17 20:57 UTC
[Samba] S4 AD Domain Up; but lots of NTLMSSP NTLM2 errors
On Mon, 2012-12-17 at 09:35 -0500, Adam Tauno Williams wrote:> samba-4.0.0 x86_64, CentOS6.3 > > My Samba4 / AD is up and running after migrating this weekend. Testing > looked good and the domain *is working* but there are some issues. > > My log.samba file is full of the following; I'm not certain of the > significance of these. > > [2012/12/17 05:59:09, > 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) > NTLMSSP NTLM2 packet check failed due to invalid signature! > [2012/12/17 06:35:30,Any idea what client is giving these? I thought we managed to silence these a while back - there was a case where this was happening on LDAP.> Failed to modify SPNs on CN=pc02541,OU=Industries > Workstations,DC=micore,DC=us: error in module acl: Constraint violation > (19) > [2012/12/17 09:24:47, > 0] ../source4/rpc_server/drsuapi/writespn.c:237(dcesrv_drsuapi_DsWriteAccountSpn) > Failed to modify SPNs on CN=chrisxpprovm,OU=Industries > Workstations,DC=micore,DC=us: error in module acl: Constraint violation > (19)These are different to the above, and it is a known issue. We have a set of patches, but they need much more work before we can fix that. It happens when the client is trying to change only the case of the servicePrincipalName over DRS. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
Apparently Analagous Threads
- problems with windows 2000 terminal server in AD with samba4rc5 (on Ubuntu 12.04.1 64bit) DC
- NTLMSSP NTLM2 - Invalid signature
- NTLMSSP NTLM2 packet check failed due to invalid signature
- NTLMSSP NTLM2 packet check failed due to invalid signature
- NTLMSSP NTLM2 packet check failed due to invalid signature