Inconsistencies/bug with SMB signatures during smbclient tar operation

Fran Fabrizio fran at cis.uab.edu
Thu Jan 15 22:38:16 GMT 2004 

I'm hesitant to label this a bug, as it probably is not, but I've posted
to the Samba general list with very little response, and the symptoms
are just bizarre enough that it might truly be a bug.  

The systems and software:  

The machine 'snapper' is a Windows 2k3 Active Directory Domain
Controller.  It has shares named 'dfs' with approximately 200G of data
as well as 'upkeep' and 'c$', both on the order of multiple gigs of
data.

Linux RedHat 9 running Samba 3.0.1.  smb.conf currently looks like:

[global]
realm = ciswinnet.cis.uab.edu
workgroup=CISWINNET
#security = DOMAIN
security = ADS
#security = SHARE
#security = USER
encrypt passwords = yes
password server = snapper.cis.uab.edu
client use spnego = yes
client signing = yes

I have tried this with all four security modes that you see there, with
client use spnego set to both 'yes' and 'no', with the -k Kerberos flag
to smbclient and without.  Each time I've witnessed the same result that
I am about to describe.  

The command I am attempting to run is:

smbclient \\\\snapper\\dfs <password> -U Administrator -E -W CISWINNET
-D WINDOWS -d0 -Tqca /tmp/test.tar

When I run this command, the operation proceeds normally for 2-3
minutes, at which time it fails (in the first case below it fails at
time 2m3.443s) in the following manner:

[2004/01/15 16:30:09, 0] libsmb/clientgen.c:cli_receive_smb(121)
  SMB Signature verification failed on incoming packet!
[2004/01/15 16:30:09, 0] client/clitar.c:do_atar(698)
  Error reading file
\home\faculty\bryant\bryantback-brblt\Images\a2family2\100msdcf\Dsc00082.jpg : Server packet had invalid SMB signature!
[2004/01/15 16:30:09, 0] client/clitar.c:do_atar(733)
  Didn't get entire file. size=536462, nread=262080
[2004/01/15 16:30:09, 0] client/clitar.c:do_atar(654)
  Server packet had invalid SMB signature! opening remote file
\home\faculty\bryant\bryantback-brblt\Images\a2family2\100msdcf\D
(\home\faculty\bryant\bryantback-brblt\Images\a2family2\100msdcf\)
[2004/01/15 16:30:09, 0] client/clitar.c:do_atar(654)
  Server packet had invalid SMB signature! opening remote file
\home\faculty\bryant\bryantback-brblt\Images\a2family2\100msdcf\D
(\home\faculty\bryant\bryantback-brblt\Images\a2family2\100msdcf\)
[snip]

I continue to receive error messages for every file left in this
directory, and then every directory left on the share.  For example, a
snippet:

Server packet had invalid SMB signature! listing \home\faculty\w\*
Server packet had invalid SMB signature! listing \home\f\*
Server packet had invalid SMB signature! listing \home\g\*
Server packet had invalid SMB signature! listing \home\g\*
Server packet had invalid SMB signature! listing \home\o\*
Server packet had invalid SMB signature! listing \home\s\*
Server packet had invalid SMB signature! listing \home\u\*
Server packet had invalid SMB signature! listing \home\u\*

At the end of the error output, it reports a Total bytes written of
"755698176".

I have tried to rearrange files on this share so that the error doesn't
always happen within the same file (by adding directories in earlier
alphabetical order, for example).  In these cases, I have seen it fail
in the middle of different files, although always around the same byte
count and time of failure.

If I try this operation on the shares 'upkeep' or 'c$', I see the
following failures:

upkeep fails at 2m47.569s at 1.1G data
c$ fails at 3m4.338s at 744M data

I believe to have ruled out Kerberos as the culprit because even with
the most standard standalone server smb.conf configuration such as:

[global]
workgroup=CISWINNET
security = USER
encrypt passwords = yes

I still see the same behavior.  Changing of the 'client signing' and
client use spnego' attributes also have no effect on the outcome.

The point of failure is predictable for a given share - if I run it
three times on the same share (without altering that share's files), I
will get the same total byte count and very similar timings.  There are
no messages generated in /var/spool/messages on the Linux machine. 
Watching 'top' output while the operation is in progress is inconclusive
- the machine has 1G memory, and while memory usage does go high on this
operation, I've not seen it hit the full limit of physical memory, and
at the time of failure, the amount of memory in use has differed by as
much as 150-200MB depending on which share I was testing.  

There is very little information available via Google search on the
"Server packet had invalid SMB signature!" and "SMB Signature
verification failed on incoming packet!" errors.  If I had to guess, I
would say that it "feels" like a client-side problem.  Communication
with the server is established, and the operation proceeds happily for
quite some time.  I am unable to discern what is triggering the failure
however.

I really didn't want to post it to this list, but both Google and the
general Samba list appear to have been stumped by this.  Any
help/insight you can offer would be greatly appreciated.  Please let me
know if I can provide any more info or increased debug output.

Thanks for your time, 
Fran



-- 

Fran Fabrizio
Senior Systems Analyst
Department of Computer and Information Sciences
University of Alabama - Birmingham
fran at cis.uab.edu
(205) 934-0653

More information about the samba-technical mailing list