Yaroslav Yurta
2016-Dec-27 17:21 UTC
[Samba] Trouble with access to sysvol share using SMB2 or SMB3 protocol on client PC
Hi, guys.

I have an issue accessing my sysvol share with SMB2 or SMB3 clients. I have an issue editing my Group Policy from Windows 7, 8, 8.1, 10 or Windows Server 2012 clients with RSAT installed, and everything works fine when I edit Group Policy from a Windows XP machine. I disabled SMB2 & SMB3 on my Windows server machine and it fixed the problem, but is that a correct workaround for my problem, or is something going wrong in my Samba DC?

In the logs I see many records like this:

    Dec 27 19:17:14 potter samba[12831]: [2016/12/27 19:17:14.599455, 0, pid=12831, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data)
    Dec 27 19:17:14 potter samba[12831]: [0000] D4 9D DA 0E 91 76 54 45 98 53 02 60 4C 07 DD 09 .....vTE .S.`L...
    Dec 27 19:17:14 potter samba[12831]: [2016/12/27 19:17:14.601839, 0, pid=12831, effective(0, 0), real(0, 0)] ../source4/libcli/smb2/signing.c:116(smb2_check_signature)
    Dec 27 19:17:14 potter samba[12831]: Bad SMB2 signature for message of size 202
    Dec 27 19:17:14 potter samba[12831]: [2016/12/27 19:17:14.601880, 0, pid=12831, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data)
    Dec 27 19:17:14 potter samba[12831]: [0000] A2 9E 95 E2 CE 4B E6 E6 D5 07 F4 72 E6 4C CF 98 .....K.. ...r.L..
    Dec 27 19:17:14 potter samba[12831]: [2016/12/27 19:17:14.601925, 0, pid=12831, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data)
    Dec 27 19:17:14 potter samba[12831]: [0000] FB 60 13 76 92 88 56 4F AA 9C 35 4C D5 AB F2 1B .`.v..VO ..5L....
    Dec 27 19:17:15 potter samba[12831]: [2016/12/27 19:17:15.113853, 0, pid=12831, effective(0, 0), real(0, 0)] ../source4/libcli/smb2/signing.c:116(smb2_check_signature)
    Dec 27 19:17:15 potter samba[12831]: Bad SMB2 signature for message of size 202
    Dec 27 19:17:15 potter samba[12831]: [2016/12/27 19:17:15.113894, 0, pid=12831, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data)
    Dec 27 19:17:15 potter samba[12831]: [0000] 73 43 48 69 04 3B 67 C1 DF D4 46 E8 F1 E0 52 C5 sCHi.;g. ..F...R.
    Dec 27 19:17:15 potter samba[12831]: [2016/12/27 19:17:15.113940, 0, pid=12831, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data)
    Dec 27 19:17:15 potter samba[12831]: [0000] CF C1 F3 45 2A 8E 01 E3 D0 E1 1E 84 EE ED 6D B5 ...E*... ......m.
    Dec 27 19:17:17 potter samba[12831]: [2016/12/27 19:17:17.625580, 0, pid=12831, effective(0, 0), real(0, 0)] ../source4/libcli/smb2/signing.c:116(smb2_check_signature)
    Dec 27 19:17:17 potter samba[12831]: Bad SMB2 signature for message of size 202
    Dec 27 19:17:19 potter samba[12831]: [2016/12/27 19:17:19.638596, 0, pid=12831, effective(0, 0), real(0, 0)] ../source4/libcli/smb2/signing.c:116(smb2_check_signature)
    Dec 27 19:17:19 potter samba[12831]: Bad SMB2 signature for message of size 312

permissions on sysvol:

    getfacl sysvol
    # file: sysvol
    # owner: root
    # group: 3000000
    user::rwx
    user:root:rwx
    user:3000000:rwx
    user:3000009:r-x
    user:3000175:r-x
    user:3000176:rwx
    group::rwx
    group:3000000:rwx
    group:3000009:r-x
    group:3000175:r-x
    group:3000176:rwx
    mask::rwx
    other::---
    default:user::rwx
    default:user:root:rwx
    default:user:3000000:rwx
    default:user:3000009:r-x
    default:user:3000175:r-x
    default:user:3000176:rwx
    default:group::---
    default:group:3000000:rwx
    default:group:3000009:r-x
    default:group:3000175:r-x
    default:group:3000176:rwx
    default:mask::rwx
    default:other::---

My smb.conf:

    # Global parameters
    [global]
        debug level = 10
        syslog = 10
        netbios name = POTTER
        realm = DEV.COM.UA
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, smb
        workgroup = DEVCOM
        server role = active directory domain controller
        dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
        idmap_ldb:use rfc2307 = yes
        kerberos method = system keytab
        #ldap ssl = off
        #ldap ssl ads = no
        ldap server require strong auth = no
        client ldap sasl wrapping = sign
        allow dns updates = nonsecure and secure
        nsupdate command = /usr/bin/nsupdate -g -d
        #nsupdate command = /usr/local/samba/sbin/samba_dnsupdate -d 3
    [netlogon]
        path = /usr/local/samba/var/locks/sysvol/dev.com.ua/scripts
        read only = No
        write ok = Yes
    [sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No
        write ok = Yes

--
Best regards!
Yurta Yaroslav Tarasovych.
Rowland Penny
2016-Dec-27 17:40 UTC
[Samba] Trouble with access to sysvol share using SMB2 or SMB3 protocol on client PC
On Tue, 27 Dec 2016 19:21:34 +0200 Yaroslav Yurta via samba <samba at lists.samba.org> wrote:

> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, smb

Is there some reason why you have 's3fs' and 'smb' in the 'server services' line? Try removing 'smb'.

Rowland
Yaroslav Yurta
2016-Dec-28 12:16 UTC
[Samba] Trouble with access to sysvol share using SMB2 or SMB3 protocol on client PC
Yes removing smb from server services in smb.conf fixed this problem. Thanks.
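
An added example, not part of the thread and not Samba's own code: a Python check for the configuration problem resolved above. It reads `server services` from `[global]`, reports when both `s3fs` and `smb` are listed, and tallies `Bad SMB2 signature` log records by message size. The sample smb.conf and log text are constructed from the lines quoted in the thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed samples, modelled on the smb.conf and syslog lines quoted in the thread.
SAMPLE_CONF = """\
# Global parameters
[global]
    netbios name = POTTER
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, \\
        winbindd, ntp_signd, kcc, dnsupdate, smb
[sysvol]
    path = /usr/local/samba/var/locks/sysvol
"""
SAMPLE_LOG = """\
Dec 27 19:17:14 potter samba[12831]:   Bad SMB2 signature for message of size 202
Dec 27 19:17:15 potter samba[12831]:   Bad SMB2 signature for message of size 202
Dec 27 19:17:19 potter samba[12831]:   Bad SMB2 signature for message of size 312
"""

def norm(name):
    # smb.conf section and parameter names ignore case and whitespace.
    return re.sub(r"\s+", "", name).lower()

def global_param(conf_text, name):
    """Return the last value of `name` in [global], or None if it is not set."""
    text = re.sub(r"\\\r?\n\s*", " ", conf_text)  # join backslash-continued lines
    section, value = None, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":            # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif "=" in line and section == "global":
            key, _, val = line.partition("=")
            if norm(key) == norm(name):
                value = val.strip()
    return value

def file_server_conflict(conf_text):
    """True when 'server services' lists both s3fs and smb (the case fixed in the thread)."""
    value = global_param(conf_text, "server services") or ""
    services = {s.strip().lower() for s in value.split(",")}
    return {"s3fs", "smb"} <= services

def bad_signature_sizes(log_text):
    """Count 'Bad SMB2 signature' log records by reported message size."""
    return Counter(int(n) for n in re.findall(
        r"Bad SMB2 signature for message of size (\d+)", log_text))

if __name__ == "__main__":
    print("s3fs and smb both listed:", file_server_conflict(SAMPLE_CONF))
    print("bad signatures by size:", dict(bad_signature_sizes(SAMPLE_LOG)))
```

Only an explicit list like the one in the thread is evaluated; a `server services` line that only adds or removes entries relative to the built-in default is not interpreted.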