[Samba] Bad SMB2 (sign_algo_id=1) signature for message

Jones Syue 薛懷宗 jonessyue at qnap.com
Tue Apr 9 08:57:47 UTC 2024


Oh, my bad, the following are the correct Wireshark captures to match the Samba
log and Event Viewer logs:

wireshark
5895	11:38:38.5	SMB			Negotiate Protocol Request
5897	11:38:38.5	SMB2		00000000000000000000000000000000	Negotiate Protocol Response
5898	11:38:38.5	SMB2		00000000000000000000000000000000	Negotiate Protocol Request
5899	11:38:38.5	SMB2		00000000000000000000000000000000	Negotiate Protocol Response
5900	11:38:38.5	SMB2		00000000000000000000000000000000	Session Setup Request, NTLMSSP_NEGOTIATE
5901	11:38:38.5	SMB2	nobody	00000000000000000000000000000000	Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
5902	11:38:38.5	SMB2	nobody	00000000000000000000000000000000	Session Setup Request, NTLMSSP_AUTH, User: \nobody
5903	11:38:38.5	SMB2	nobody	00000000000000000000000000000000	Session Setup Response
5912	11:38:38.5	SMB2	nobody	00000000000000000000000000000000	Tree Connect Request Tree: \\10.19.251.135\IPC$
5913	11:38:38.5	SMB2	nobody	00000000000000000000000000000000	Tree Connect Response
5914	11:38:38.5	SMB2	nobody	00000000000000000000000000000000	Ioctl Request FSCTL_DFS_GET_REFERRALS, File: \10.19.251.135\tmp
5915	11:38:38.5	SMB2	nobody	00000000000000000000000000000000	Ioctl Response, Error: STATUS_NOT_FOUND
5916	11:38:38.5	SMB2	nobody	00000000000000000000000000000000	Tree Connect Request Tree: \\10.19.251.135\tmp
5917	11:38:38.5	SMB2	nobody	00000000000000000000000000000000	Tree Connect Response
5953	11:38:38.6	SMB2	nobody	00000000000000000000000000000000	Create Request File: Desktop.ini
5954	11:38:38.6	SMB2	nobody	00000000000000000000000000000000	Create Response, Error: STATUS_OBJECT_NAME_NOT_FOUND
5955	11:38:38.6	SMB2	nobody	00000000000000000000000000000000	Create Request File: AutoRun.inf
5956	11:38:38.6	SMB2	nobody	00000000000000000000000000000000	Create Response, Error: STATUS_OBJECT_NAME_NOT_FOUND
7526	11:38:49.2	SMB2	nobody	00000000000000000000000000000000	Tree Disconnect Request
7527	11:38:49.2	SMB2	nobody	00000000000000000000000000000000	Tree Disconnect Response
22453	11:40:43.8	SMB2	nobody	631023af17e6f9b7edaa43f98a66d3b1	Ioctl Request FSCTL_QUERY_NETWORK_INTERFACE_INFO
22455	11:40:43.8	SMB2	nobody	3641111768469445f17980e07900b221	Ioctl Response, Error: STATUS_ACCESS_DENIED
186869	11:50:44.1	SMB2	nobody	619925b6691cbf69349132a034fb169c	Ioctl Request FSCTL_QUERY_NETWORK_INTERFACE_INFO
186874	11:50:44.1	SMB2	nobody	f8b34323fab89f88cf2926750aff336c	Ioctl Response, Error: STATUS_ACCESS_DENIED

samba log:
[2024/04/09 11:40:44.175958,  0] ../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
  Bad SMB2 (sign_algo_id=1) signature for message
[2024/04/09 11:40:44.176101,  0] ../../lib/util/util.c:569(dump_data)
  [0000] 63 10 23 AF 17 E6 F9 B7   ED AA 43 F9 8A 66 D3 B1   c.#..... ..C..f..
[2024/04/09 11:40:44.176134,  0] ../../lib/util/util.c:569(dump_data)
  [0000] 96 AE 0E 9F 58 70 5B 50   96 CC 3E 6A CF 14 FF 31   ....Xp[P ..>j...1
[2024/04/09 11:50:44.533099,  0] ../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
  Bad SMB2 (sign_algo_id=1) signature for message
[2024/04/09 11:50:44.533205,  0] ../../lib/util/util.c:569(dump_data)
  [0000] 61 99 25 B6 69 1C BF 69   34 91 32 A0 34 FB 16 9C   a.%.i..i 4.2.4...
[2024/04/09 11:50:44.533227,  0] ../../lib/util/util.c:569(dump_data)
  [0000] 0D 1A 14 72 04 E2 D4 32   BC B6 32 E6 8E 55 9D C5   ...r...2 ..2..U..

event viewer:
Error	2024/4/9 AM 11:40:43	SMBClient	31013	None
Error	2024/4/9 AM 11:50:44	SMBClient	31013	None

--

Regards,
Jones Syue | 薛懷宗
QNAP Systems, Inc.
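
Added example, not part of the original message or of Samba's code: a Python sketch that pairs each "Bad SMB2 ... signature" log event with the capture row carrying the same signature, using excerpts copied from the post. The function names are hypothetical, and treating the second dump as the value the server computed is an assumption.

```python
import re

# Excerpt copied from the post above (the first of its two failures).
SAMBA_LOG = """\
[2024/04/09 11:40:44.175958,  0] ../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
  Bad SMB2 (sign_algo_id=1) signature for message
[2024/04/09 11:40:44.176101,  0] ../../lib/util/util.c:569(dump_data)
  [0000] 63 10 23 AF 17 E6 F9 B7   ED AA 43 F9 8A 66 D3 B1   c.#..... ..C..f..
[2024/04/09 11:40:44.176134,  0] ../../lib/util/util.c:569(dump_data)
  [0000] 96 AE 0E 9F 58 70 5B 50   96 CC 3E 6A CF 14 FF 31   ....Xp[P ..>j...1
"""
# Wireshark rows from the post: frame, time, protocol, user, signature, info.
CAPTURE = (
    "5917\t11:38:38.5\tSMB2\tnobody\t00000000000000000000000000000000\tTree Connect Response\n"
    "22453\t11:40:43.8\tSMB2\tnobody\t631023af17e6f9b7edaa43f98a66d3b1\tIoctl Request FSCTL_QUERY_NETWORK_INTERFACE_INFO\n"
    "22455\t11:40:43.8\tSMB2\tnobody\t3641111768469445f17980e07900b221\tIoctl Response, Error: STATUS_ACCESS_DENIED\n"
)
HDR = re.compile(r"^\[([^,]+),\s*\d+\]\s+\S+\((\w+)\)")
DUMP = re.compile(r"^\s*\[[0-9A-Fa-f]{4}\]((?: +[0-9A-Fa-f]{2}){1,16})")

def bad_signature_events(log_text):
    """Return (timestamp, first_dump, second_dump) for each signing failure."""
    events, ts, pending = [], None, None
    for line in log_text.splitlines():
        hdr = HDR.match(line)
        if hdr:
            if hdr.group(2) == "smb2_signing_check_pdu":
                ts = hdr.group(1)          # time of the failed check
            continue
        if "Bad SMB2" in line and "signature for message" in line:
            pending = [ts]                 # the next two dumps belong to this event
            continue
        dump = DUMP.match(line)
        if dump and pending is not None:
            pending.append(dump.group(1).replace(" ", "").lower())
            if len(pending) == 3:
                events.append(tuple(pending))
                pending = None
    return events

def correlate(events, capture_text):
    """Map each event's first dump (signature on the wire) to its capture row.
    The second dump is kept as-is; assumed to be the server-computed value."""
    by_sig = {}
    for row in capture_text.splitlines():
        frame, _time, _proto, _user, sig, info = row.split("\t", 5)
        by_sig[sig] = (int(frame), info)
    return [(ts, by_sig.get(first), second) for ts, first, second in events]

if __name__ == "__main__":
    print(correlate(bad_signature_events(SAMBA_LOG), CAPTURE))
```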

