[Samba] SMB signing broken? 3.0.7 -> 3.0.8
Tim
sambalist at darkgate.net
Wed Mar 16 11:46:44 GMT 2005
Hi Jeremy,
Yep, that reversion patch you did fixed it. I'm a little surprised
nobody else has mentioned this before me though. I assume it would
affect everybody who's DCs require smb signing?
Thanks for your help, I'll be rolling out 3.0.11 today.
Regards,
Tim.
Quoting Jeremy Allison <jra at samba.org>:
> On Tue, Mar 15, 2005 at 03:00:17PM +0000, Tim wrote:
> > Hi all.
> >
> > I originally suspected this problem was with netbios (which I have
> > disabled by default) and Jerry has helped me out a bit with but I've
> > been doing some more digging and I think the problem lies back further
> > than I expected.
> >
> > I was trying to upgrade from 3.0.7 to 3.0.11 so I've recompiled all
> > versions back from 3.0.11 and the problem first occured in 3.0.8. The
> > issue is with winbind, and the error I'm getting is
> > "failed tcon_X with NT_STATUS_ACCESS_DENIED":
> >
> > === 3.0.8: /usr/bin/winbind -i -d10 ===
> > ...
> > Got KRB5 session key of length 8
> > SMB signing enabled!
> > cli_simple_set_signing: user_session_key
> > [000] C8 5E D6 1A A1 46 10 BA .^...F..
> > cli_simple_set_signing: NULL response_data
> > simple_packet_signature: sequence number 0
> > client_sign_outgoing_message: sent SMB signature of
> > [000] 84 84 78 B3 60 4A 05 5B ..x.`J.[
> > store_sequence_for_reply: stored seq = 1 mid = 2
> > ...
> > client_check_incoming_message: BAD SIG: wanted SMB signature of
> > [000] D7 08 07 13 97 AC E9 8B ........
> > client_check_incoming_message: BAD SIG: got SMB signature of
> > [000] EF 85 1C D4 6A 1D AC 9D ....j...
> >
> >
> >
> > So... and please correct me if I'm wrong, but something changed
> > between 3.0.7 and 3.0.8 to do with SMB signing. The signature
> > size seems to have changed, but I don't know enough about the
> > SMB protocol to work out what this would mean.
> >
> > I also notice this in the Changelog:
> >
> > o Fixes for kerberos interoperability with Windows 200x
> > domains when using DES keys.
>
> Can you try this patch. It reverts that change.
>
> Jeremy.
>
More information about the samba
mailing list