Hi

I'm using Samba 4.6.5 on Debian 8.

Recently, problems with SMB2 SIGNATURE have appeared in the Samba service, as in the messages below:

root@dc2:/home/suporte# /etc/init.d/samba4 status
samba4.service - LSB: start Samba4 daemons
   Loaded: loaded (/etc/init.d/samba4)
   Active: active (exited) since Seg 2017-07-31 17:14:07 -03; 15h ago
  Process: 443 ExecStart=/etc/init.d/samba4 start (code=exited, status=0/SUCCESS)

Ago 01 01:30:17 dc2 samba[486]: Exiting pid 486 on SIGTERM
Ago 01 01:30:17 dc2 samba[489]: [2017/08/01 01:30:17.667239, 0] ../source...m)
Ago 01 01:30:17 dc2 samba[489]: Exiting pid 489 on SIGTERM
Ago 01 01:30:17 dc2 samba[492]: [2017/08/01 01:30:17.666852, 0] ../source...m)
Ago 01 01:30:17 dc2 samba[492]: Exiting pid 492 on SIGTERM
Ago 01 01:30:17 dc2 samba[487]: [2017/08/01 01:30:17.667284, 0] ../source...m)
Ago 01 01:30:17 dc2 samba[487]: Exiting pid 487 on SIGTERM
Ago 01 01:30:17 dc2 samba[493]: Exiting pid 493 on SIGTERM
Ago 01 01:30:17 dc2 samba[491]: [2017/08/01 01:30:17.666900, 0] ../source...m)
Ago 01 01:30:17 dc2 samba[491]: Exiting pid 491 on SIGTERM
Hint: Some lines were ellipsized, use -l to show in full.

root@dc2:/home/suporte# tail /var/log/syslog
Aug 1 08:07:50 dc2 smbd[2601]: [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
Aug 1 08:07:50 dc2 smbd[2601]: [2017/08/01 08:07:50.220014, 0] ../lib/util/util.c:555(dump_data)
Aug 1 08:07:50 dc2 smbd[2601]: [0000] 97 0E 60 D4 29 8C C3 39 D1 19 5C 44 2F 11 BC 41 ..`.)..9 ..\D/..A
Aug 1 08:17:01 dc2 CRON[2652]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 1 08:43:15 dc2 smbd[2716]: [2017/08/01 08:43:15.604096, 0] ../libcli/smb/smb2_signing.c:171(smb2_signing_check_pdu)
Aug 1 08:43:15 dc2 smbd[2716]: Bad SMB2 signature for message
Aug 1 08:43:15 dc2 smbd[2716]: [2017/08/01 08:43:15.604184, 0] ../lib/util/util.c:555(dump_data)
Aug 1 08:43:15 dc2 smbd[2716]: [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
Aug 1 08:43:15 dc2 smbd[2716]: [2017/08/01 08:43:15.604206, 0] ../lib/util/util.c:555(dump_data)
Aug 1 08:43:15 dc2 smbd[2716]: [0000] C2 06 72 B5 B7 B1 95 04 0E F5 4C 43 B5 18 13 15 ..r..... ..LC....

This way the Windows stations are having problems authenticating themselves. The login is taking a long time.

Before, my Samba DC was working properly.

My smb.conf file follows:

# Global parameters
[global]
        workgroup = EMPRESA
        realm = EMPRESA.COM.BR
        netbios name = DC2
        server role = active directory domain controller
        dns forwarder = 192.168.0.88,192.168.0.89
        idmap_ldb:use rfc2307 = yes
        ldap server require strong auth = no
        idmap config EMPRESA : unix_nss_info = yes
        winbind trusted domains only = no
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes
        winbind refresh tickets = yes

        template shell = /bin/bash
        template homedir = /home/%U

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/empresa.com.br/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No
        acl_xattr:ignore system acls = yes

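Added example, not part of the original post: Python that pulls each "Bad SMB2 signature" event out of syslog lines like the ones above and attaches the two 16-byte dump_data values logged after it by the same smbd pid. The sample lines are constructed from the excerpt in the post and the function names are assumptions; the page does not state which of the two values is the received signature, so the code labels neither.

```python
import re

# syslog prefix as it appears in the thread: "Aug 1 08:43:15 dc2 smbd[2716]: ..."
LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\ssmbd\[(\d+)\]:\s(.*)$")
# dump_data row: "[0000]" followed by 16 hex bytes, then the ASCII column
DUMP = re.compile(r"^\[0000\]((?:\s+[0-9A-Fa-f]{2}){16})")

def bad_signature_events(lines):
    """Group each 'Bad SMB2 signature' message with the two dumps that follow
    it from the same smbd pid, so interleaved processes do not get mixed up."""
    events, pending = [], {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an smbd line (for example the CRON entry)
        ts, pid, msg = m.group(1), int(m.group(2)), m.group(3)
        if msg.startswith("Bad SMB2 signature"):
            pending[pid] = {"time": ts, "pid": pid, "dumps": []}
            events.append(pending[pid])
        elif pid in pending and DUMP.match(msg):
            dumps = pending[pid]["dumps"]
            dumps.append(bytes.fromhex(DUMP.match(msg).group(1)))
            if len(dumps) == 2:
                del pending[pid]  # event complete
    return events

def has_empty_value(event):
    """True when one of the two dumped 16-byte values is all zero bytes."""
    return any(d == bytes(16) for d in event["dumps"])

# Constructed sample: lines modelled on the syslog excerpt in the post above.
SAMPLE = """\
Aug 1 08:17:01 dc2 CRON[2652]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 1 08:43:15 dc2 smbd[2716]: [2017/08/01 08:43:15.604096, 0] ../libcli/smb/smb2_signing.c:171(smb2_signing_check_pdu)
Aug 1 08:43:15 dc2 smbd[2716]: Bad SMB2 signature for message
Aug 1 08:43:15 dc2 smbd[2716]: [2017/08/01 08:43:15.604184, 0] ../lib/util/util.c:555(dump_data)
Aug 1 08:43:15 dc2 smbd[2716]: [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
Aug 1 08:43:15 dc2 smbd[2716]: [2017/08/01 08:43:15.604206, 0] ../lib/util/util.c:555(dump_data)
Aug 1 08:43:15 dc2 smbd[2716]: [0000] C2 06 72 B5 B7 B1 95 04 0E F5 4C 43 B5 18 13 15 ..r..... ..LC....
""".splitlines()

if __name__ == "__main__":
    for ev in bad_signature_events(SAMPLE):
        print(ev["time"], ev["pid"], [d.hex() for d in ev["dumps"]], has_empty_value(ev))
```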
Sorry! I forgot to ask my question!

Does anybody have an idea how to solve this problem?

Regards,

Márcio Bacci

On Tue, 1 Aug 2017 09:16:49 -0300 Marcio Demetrio Bacci via samba <samba at lists.samba.org> wrote:

> Hi
>
> I'm using Samba 4.6.5 on Debian 8.
>
> Recently, in samba Service appears problems with SMB2 SIGNATURE as the
> message below:
>
> root@dc2:/home/suporte# /etc/init.d/samba4 status
> samba4.service - LSB: start Samba4 daemons
>    Loaded: loaded (/etc/init.d/samba4)
>    Active: active (exited) since Seg 2017-07-31 17:14:07 -03; 15h ago
>   Process: 443 ExecStart=/etc/init.d/samba4 start (code=exited,
> status=0/SUCCESS)

For some reason Samba has shut down.

> Follow my smb.conf file:
>
>
> # Global parameters
> [global]
>         workgroup = EMPRESA
>         realm = EMPRESA.COM.BR
>         netbios name = DC2
>         server role = active directory domain controller
>         dns forwarder = 192.168.0.88,192.168.0.89
>         idmap_ldb:use rfc2307 = yes
>         ldap server require strong auth = no
>         idmap config EMPRESA : unix_nss_info = yes
>         winbind trusted domains only = no
>         winbind use default domain = yes
>         winbind enum users = yes
>         winbind enum groups = yes
>         winbind refresh tickets = yes
>

You should remove the following lines:

        idmap config EMPRESA : unix_nss_info = yes
        winbind trusted domains only = no
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes
        winbind refresh tickets = yes

They either shouldn't be in a DC smb.conf, don't work on a DC or shouldn't be used in production.

If removing the lines doesn't fix the problem, have a look in the Samba logs, if still nothing, raise the Samba log level.

Rowland

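Added example, not from the thread's authors or the Samba project: a Python check that reads an smb.conf and, when `server role` is the AD DC value shown in the post, reports the [global] parameters the reply above lists for removal. The function names and the constructed sample are assumptions; the parser expects one parameter per line and matches names without regard to case or whitespace, as smb.conf does.

```python
import re

# The parameters the reply above lists for removal, matched against normalised
# names (smb.conf ignores case and whitespace inside parameter names).
FLAGGED = re.compile(
    r"idmapconfig.+:unix_nss_info|winbindtrusteddomainsonly|"
    r"winbindusedefaultdomain|winbindenumusers|winbindenumgroups|"
    r"winbindrefreshtickets")

def normalise(name):
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return [(lineno, name, value)] for parameters in the [global] section."""
    params, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params.append((lineno, name.strip(), value.strip()))
    return params

def audit_dc(text):
    """Flag the listed parameters, but only when the file configures an AD DC."""
    params = parse_global(text)
    roles = [v.lower().split() for _, n, v in params if normalise(n) == "serverrole"]
    if "active directory domain controller".split() not in roles:
        return []
    return [(ln, n) for ln, n, _ in params if FLAGGED.fullmatch(normalise(n))]

# Constructed input: part of the posted [global] section, one name re-cased.
SAMPLE = """\
[global]
    server role = active directory domain controller
    idmap_ldb:use rfc2307 = yes
    idmap config EMPRESA : unix_nss_info = yes
    Winbind Enum Users = yes
[sysvol]
    read only = No
"""

if __name__ == "__main__":
    for lineno, name in audit_dc(SAMPLE):
        print(f"line {lineno}: remove '{name}'")
```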
On Tue, 1 Aug 2017 12:17:04 -0300 Marcio Demetrio Bacci <marciobacci at gmail.com> wrote:

> However, after that I removed winbind lines of the my smb.conf the
> "getent passwd" command shows only local users. The "getent group"
> command shows only local groups.
>
> Is this a problem?

No, it is a 'good' thing, imagine that you have 100,000 users, you have the lines in smb.conf and you run 'getent passwd', how long do you think it will take to display all the users and what will it have gained you? What if the user, you need to be sure exists, has the ID 10001, it will have scrolled off the screen and you will probably miss it.

If you run 'getent passwd username' you will get the output for 'username' if it exists, or nothing if it doesn't.

Rowland