SMB signing and 2ROT13
Matthew Geddes
musicalcarrion at gmail.com
Fri Dec 8 17:58:53 GMT 2006
Hi all,
I've seen a problem here with a Windows 2003 Server R2 PDC (as well as
Windows 2000 Server) where client signing is set either to auto or
mandatory and the Windows 2003 policy is left as mandatory (the default).
The issue is that packet captures show SMB signing is negotiated, so
Samba starts signing packets. Windows replies to our SMBs, but places
the same signature from our request in the reply. We're expecting a
different signature and barf. In the case where Samba is configured to
use signing where possible, but not mandate it, we try to back off and
not use signing, but Windows still mandates it.
Apart from bit 3 and possibly bit 12 in flags2, is there anything else
that needs to be done to negotiate signing?
Has anyone seen this before? It certainly looks like a problem with the
Windows DC. I'm running 3.0.23c FWIW.
The problem seems to come and go and I haven't yet worked out how to
reproduce it. Any suggestions would be appreciated.
thx,
Matt
More information about the samba-technical
mailing list